• United States
Managing Editor, Network World Fusion

Managing security policies

May 08, 20032 mins
Data CenterSecurity

* Employee education is the first line of defense against net security problems

You can have the best network security gear around, but it won’t do you any good if your employees keep their passwords written on notes taped to their monitors. Companies around the world are being inadvertently put at risk by their employees’ lax attitude toward IT security, but the employees aren’t to blame. If enterprises don’t educate their folks on the organization’s security policies and keep drilling it into them, the powers that be have no one to blame but themselves.

This week’s Management Strategies story in Network World outlines the importance of information security policies and how companies are instituting and enforcing them today. Experts say employee security awareness training is key in protecting their intellectual assets.

One important step is determining – and revisiting – each employee’s need for access, be it the Internet, e-mail, an FTP server or the client database. Sure, when a person is hired the manager works with IT to get the person access to the necessary resources. But how often do managers revisit that decision? Responsibilities change, but employees’ access levels only tend to expand, not contract. For example, say you have an employee working on modifications to the client database. Once the project is over and the employee moves on to another project, does he still have administrator database privileges he no longer needs? Could be. Revisiting the access your employees have may seem tedious, but can you risk unnecessary access to critical systems?

Many companies also incorporate security awareness training into employee-orientation meetings. While they’re a captive audience that hasn’t been accustomed to bad security habits, it’s the perfect time to lay out your organization’s policies and procedures on matters such as Internet use, password safeguarding, downloads and the like.

Check out this week’s Management Strategies story in its entirety for more tips and advice on improving employee security education: