Human vulnerabilities

So, you have the best firewall, intrusion-detection and antivirus systems technology has to offer. Yet, despite your Mint approach, you're still hit with security breaches and the occasional malware du jour. One reason for this may be a lack of motivation among your workers. However, according to Ken Shaurette, information security solutions manager at MPC Technology Solutions, "a too-often overlooked way to improve these attitudes is to include information security in the job descriptions of employees". When your organization makes security awareness and policy compliance mandatory, the apathetic trend can be reversed.

When management requires security policy compliance to be a key part of an employee's job, interest is generated. An added benefit is that security becomes part of the corporate culture. With performance reviews (hence, possible raises) looming periodically, employees are more apt to fit compliance into their daily routine. Knowing that they're being graded encourages employees to comply with policies.

Shaurette encourages employers to include a wider cross section of employees in the interview portion of security assessment and in compliance reviews. These additional personnel will automatically gain a better awareness of security issues simply as a result of their exposure to security professionals. Not only will they add their input as to what data should be gathered for analysis, but they'll also come away with a better appreciation of the need for assessments. When they're a part of the compliance review, employees "will get a sense of ownership of the final results from the assessment", Shaurette says.

Other options are PC monitoring, restricting network access and the use of unified threat management systems. Deploying this type of technology restricts employee access to the Internet for browsing and using e-mail and instant messaging applications.

It's important to realize that careless use of endpoint devices like laptops and handhelds is one of the biggest causes of compromised security.

It's imperative that endpoint devices be checked for compliance with your network security policy. Mandate that all endpoint devices have the latest patches and antivirus software. In addition, your policy should restrict the use of file-sharing and peer-to-peer applications and require certain operating system, browser and application security settings.
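
The endpoint check described above can be automated against device inventory data. The following is an added example, not code from the article: the thresholds, field names, application list and sample records are all assumptions made for illustration. Missing data is treated as a failure, so a device that cannot prove compliance is quarantined.

```python
from datetime import date

# Hypothetical policy: the article lists the requirements but gives no thresholds.
POLICY = {
    "max_patch_age_days": 30,
    "max_av_signature_age_days": 7,
    "prohibited_apps": {"bittorrent", "emule", "limewire"},
    "required_settings": {"firewall_enabled": True, "disk_encryption": True},
}

def age_days(when, today):
    # None means the inventory holds no date; callers treat that as a failure.
    return (today - when).days if when else None

def check_endpoint(ep, today, policy=POLICY):
    """Return the list of policy violations for one endpoint inventory record."""
    findings = []
    patch_age = age_days(ep.get("last_patch_date"), today)
    if patch_age is None or patch_age > policy["max_patch_age_days"]:
        findings.append(f"patch level stale or unknown (age: {patch_age})")
    av = ep.get("antivirus") or {}
    sig_age = age_days(av.get("signature_date"), today)
    if not av.get("running"):
        findings.append("antivirus missing or not running")
    elif sig_age is None or sig_age > policy["max_av_signature_age_days"]:
        findings.append(f"antivirus signatures stale or unknown (age: {sig_age})")
    installed = {name.lower() for name in ep.get("installed_apps", [])}
    for app in sorted(installed & policy["prohibited_apps"]):
        findings.append(f"prohibited application: {app}")
    for key, wanted in policy["required_settings"].items():
        if ep.get("settings", {}).get(key) != wanted:
            findings.append(f"setting {key} must be {wanted}")
    return findings

def admission_decision(ep, today, policy=POLICY):
    """Fail closed: any finding sends the device to quarantine."""
    return "quarantine" if check_endpoint(ep, today, policy) else "allow"

# Constructed sample inventory records (not real devices).
TODAY = date(2024, 6, 1)
ENDPOINTS = [
    {"host": "laptop-01", "last_patch_date": date(2024, 5, 20),
     "antivirus": {"running": True, "signature_date": date(2024, 5, 30)},
     "installed_apps": ["Firefox"],
     "settings": {"firewall_enabled": True, "disk_encryption": True}},
    {"host": "handheld-07", "last_patch_date": date(2024, 3, 1), "antivirus": None,
     "installed_apps": ["BitTorrent"],
     "settings": {"firewall_enabled": False, "disk_encryption": True}},
]
for ep in ENDPOINTS:
    print(ep["host"], admission_decision(ep, TODAY), check_endpoint(ep, TODAY))
```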
