It’s official: your staff are the weakest link in the IT security chain. You can set up a firewall, encryption, anti-virus software, and password protection up to your ears, but it won’t save you from the employee who posts his access information to a public web site.
Most security breaches, viruses, spyware, and other network problems are a result of human error—an end user unknowingly downloading an infected file, e-mailing confidential information, or disabling their anti-virus, to name a few.
So what is a company to do? While there is no surefire way to keep end users from making mistakes, you can dramatically reduce the number of problems by creating an acceptable use policy (AUP) and training your employees on what is and what is NOT acceptable behavior.
AUP Disaster Compliance Tips:
But if you want your employees to actually adhere to your security policies, here are a few tips:
- Keep it simple. A long, confusing policy that looks like a legal document is about as easy to read as the instruction manual for a fighter jet. Make the policies clear and easy to read. Give examples and include lots of screenshots where necessary.
- Provide staff training. Many companies make the mistake of distributing their AUP by e-mail and telling employees that they must read it. This gives them the option of NOT reading it and simply signing and submitting, which creates a mess of bad blood when you later have to enforce something clearly spelled out in the AUP. You don’t need hours of classroom training, but a simple 15- or 20-minute session will force even the most reluctant users to learn a thing or two.
- Keep employees updated. To add to the above tip, make sure you update employees on a regular basis to keep the policies fresh in their minds and to educate them about new threats. There’s a new e-mail scam or chain letter every week, so you have no excuse not to remind your staff.
- Explain the consequences of failing to follow the policy. Cover both the negative effects on the business and the disciplinary actions that will be taken if they refuse to follow policy. Occasional violators should be warned, and habitual violators should be disciplined.
- Monitor their behavior. The best policy in the world won’t work if it’s not enforced. There are many tools on the market that can do this for you automatically.