If you are an ambitious individual who is looking to make their way up in the world, you are constantly on the lookout for new ideas that will make you stand out from the crowd and put you first in line for that next raise or promotion. Have you considered looking at the internet security policy of your company? You can style yourself as the person who helped prevent your organization’s version of the Sony leak. Here are five things you should check for and talk about with your boss or bring up at the next meeting.
1. Perform a Regular Security Review
It might be best for you to suggest that your company implement a regular security review occurring at least once every month, and ideally every two weeks. First of all, there should be a check of all data to make sure nothing is missing or is showing any signs of being tampered with. This should be especially the case when handling financial data or customer information (lest your company becomes the next target).
Also, your company should have a regular short meeting on any new practices that need to be implemented, as well as a review of what is working and not working for the company in terms of internet security. It may seem like overkill, but there are frequent changes in the landscape that you need to be constantly alert for. You can easily do this as part of another regular meeting.
2. Instruct Employees to Use a VPN Outside of the Office
A lot of companies offer options for telecommuting or otherwise working from outside the office. This can be great for employee productivity if done right and is necessary in some cases that involve field work. Unfortunately, many public networks are horrifically insecure, and thus the data your employee’s working with is at a major risk.
Your company can either set up an office VPN and then have your employees connect to that, or have individual employees use a VPN service. Suggest that the company subsidize or cover the cost of a VPN service for each employee that is outside of the office a lot. It will be a worthwhile investment for your company and your boss will be thankful when he realizes what a risk there was.
3. Update and Backup Frequently
You know those security updates or operating system updates you usually put off for a few days and then let happen when you’re going to restart your computer anyway? That might not be a good idea. Those updates will frequently fix security holes and bugs in the operating system that can make your data vulnerable. These fixes are a good thing. That being said, in the patch notes there is usually an explanation of the bug, and so then every hacker in the world knows about it, and can use it against you if you aren’t quick enough in updating.
On a related note, “We lost your information” is not a sentence you want to be speaking to a customer or a client, for whatever the reason. For this reason your employer should be constantly backing up their data on both physical media and a cloud service of some kind, if only to have it in the event of a disaster or computer crash. Talk to your boss about investing in some external hard drives, flash drives, or storage upgrades (depending on your company’s particular needs).
4. Secure Company Email
While social media may be the way a lot of people primarily communicate these days, businesses still use email in one form or another to conduct most of their operations. However, as we have seen, an email breach can turn into a catastrophe, and all it takes is a single weak point for a lot of important material to get out in the world beyond your control. Make sure you encourage use of the best practices for your email. Mandate strong passwords with frequent changes (at most 3 months), and tell your employees to keep their personal and work emails separate. Make sure to enforce these policies.
In addition, double check what you’re doing with the email servers themselves. Businesses use too many different kinds of systems to make a wide-sweeping generalization, but direct server access should be highly restricted, and you should always be on the lookout for a way to improve your company’s security, should you know enough to properly make recommendations. If not, just be extra-vigilant yourself so you aren’t the source of a possible breach.
5. Don’t Give Universal Access
Would you give the janitor the keys to the safe, or your newest intern the keys to the janitor’s closet? Of course you wouldn’t, and so why should your company give the same thought process to how it distributes its data? A lot of companies just decide to hand out everything to everyone, or send a mass email with sensitive agenda information. This is how secrets get out.
Be particularly careful when using file sharing services or cloud storage. Partially because many places won’t take measures to prevent employees from seeing what they don’t need to see, and partially because often laid off or fired employees will still have access to these services, and thus be able to cause some real damage, should they feel the inclination. Try to suggest that access be reviewed and to make the removal of access from these services part of the standard procedure for employee departure.
May you find success with these tips, and may you have the best of luck when discussing them with your employer. Do it before someone else does, and make yourself that much more integral to your organization.
Author bio: Caroline is a technology enthusiast and blogger who writes for www.securethoughts.com, a great resource for information on internet security.