The Weakest Link in Security, Dyman & Associates Risk Management Projects
by Lloise Laurel Dyman & Associates Risk Management Projects

Hardly a day goes by without news of another data breach. It's safe to say that we live and work in risky times. But there's a growing recognition that cybercriminals aren't the only threat—or even the primary threat to an enterprise. "There's a far greater need to educate and train employees about security issues and put controls and monitoring in place to increase the odds of compliance," says John Hunt, a principal in information security at consulting firm PwC.

It's a task that's easier said than done, particularly in an era of BYOD, consumer technology and personal clouds. According to Jonathan Gossels, president and CEO of security firm SystemsExperts, it's critical to construct policies and security protections around two basic areas: malicious insiders and those who inadvertently breach security. "The best security program in the world can be undermined by ill-advised behavior," Gossels explains.

Construct effective policies.

Surveys indicate that many workers are not adhering to existing policies. In some cases, they simply disregard them. "The thing that you have to keep in mind," notes Hunt, "is that policies must be clear, understandable and not interfere with the ability of people to get their work done." If an organization is struggling with non-compliance and shadow IT, then it may be time to reexamine policies, as well as the underlying systems and tools the enterprise has in place. "Many organizations have older policies that don't take into account today's tech tools, such as iPads and other portable devices," says Hunt. The policies should also extend to contract workers and freelancers, he notes.