With the growing world of technology, the IT manager is plagued with the grueling task of technology audits. Audit checks are carefully planned, controls are tested and evaluated, and then reports help identify problem areas to work on. The method in which you choose to audit an organization depends greatly on the organization; nonetheless, one factor of auditing should not be overlooked—the follow-up.
At a high level, follow-ups can be divided into two subsets: i) education, and ii) the technological ecosystem. In this blog, however, we focus on the education aspect of one unpredictable (and sometimes expensive) risk to the enterprise’s security when left unattended: the employee.
Continuous and periodic training of employees to remind them of general security practices is imperative for a healthy and secure organization. Here are some follow-up topics that employees can be trained in:
- Passwords: Reviewing proper storage of passwords and continually prompting password changes are important. How often are employees writing their passwords down in a notebook somewhere, free for any person to access? Are the employees using hexadecimal variations of their passwords?
- Multiple Device Management (MDM): Review the proper procedures for using devices within the network (for both enterprise and personal devices). SecureDoc enables user devices to communicate back to a centralized console, which is ideal for a multiple device ecosystem. This provides oversight and much more ease, as the console is available online.
- Proper Internet Usage: With the advent of BYOD, it is difficult to simply block websites for every device, so ensure that employees are aware of how to evaluate root certificates and application downloads.
- Troubleshooting: When employees are educated in the proper use of a device, they will often troubleshoot problems themselves rather than flood the IT manager’s inbox with menial problems. This can include simple operational methods such as the infamous, “Turn off, unplug, plug back in, turn on.”
A strong network requires an integrative approach to security, so don’t forget about integrating the employees in your follow-up strategies. Put reminders in their calendars, send them memos, and hold semi-annual Security Sweep days; regardless of how you do it, just educate them!