Like many things in business, the overarching fear of liability a company can face often seems like hundreds of daunting tasks.
This is why I thought it would be helpful to give you some hope with a few simple exercises to get your organization closer to being secured properly.
Whether you use an outside IT provider, such as Datapath, or have your own internal IT team, these are good practices to identify weak spots and prevent potential issues now or in the future.
Day 1 – Communication
First and foremost, you have to communicate company-wide to your team that you are actively taking steps to better secure your technology. I like to steal a business principle from The Container Store for this part, “Communication is Leadership”.
It’s important in this process that you define and relay why you are taking these measures, whether it’s to better protect your clients’ information, protect your employees’ personal information, and/or just to prevent a future financial liability. Your employees need to understand this upfront as changes or requests are being made.
Day 2 – Discovery
The second day can be seen as a discovery and a great exercise. Make a list of what IT assets you have, what applications are critical to running your business, where files are stored, IT equipment, and any other relevant items (all the way down to camera systems etc.).
It’s often best to brainstorm with your team on this: put everyone in a room and whiteboard lists (bringing in an outside expert if at all possible). Once you have what’s important, pick the top three most important items, and find out who has access to these items and at what levels (i.e., administrator, standard user, etc.).
Make a quick spreadsheet for you to keep track of your users and these assets, and keep it updated going forward as changes are made in the organization.
Day 3 – Action
With the information you’ve gathered during your discovery, identify the most important potential liability.
Make a one-day plan for the changes needed to limit access for internal or external users who don’t need that level of access – or just shouldn’t have it. It’s important to remember that you don’t have to make this a big manual effort; allow your team or outside provider to make a small investment in tools and best practices to make immediate
For example, there are tools that can scan your whole network and lay out documentation as to what is connected and where it’s connected. Spending hours of your staff’s time figuring this out manually, compared to using a tool, loses valuable time and leaves room for mistakes.
Day 4 – Designate a Point Person
You’ve now communicated that you’re trying to keep your organization more secure, and you’ve set in motion some action on making it secure.
As improvements are happening, make sure your entire team knows who the internal point of contact is for potential security risks.
For instance, I’ve been part of network security cases where someone received a suspicious email. Instead of sending this to a designated security person for review, they forwarded it to another employee, who then clicked on an attachment, infecting their entire network.
These types of situations can be avoided when your entire team is looking for and identifying potential security issues. Whether it’s something another employee is doing, a spam filter that is allowing too much through, or maybe something much simpler – your team knows who to make aware of what they’re concerned with.
Day 5 – Make the Process Fun
At this point, you’ve created some good groundwork for a more secure network, and you may have some buzz around the office.
Use this to your advantage and have some fun training your team to help keep the network safe and secure.
I always feel like people follow incentives, so give people incentives to help. Maybe give gift cards, prizes or cash for being the first to identify potential threats. Put up posters around the office that offer good advice, but maybe inject some humor at the same time.
Get creative; it’s the best way to make sure your team stays with you in the mission for a more secure workplace.