Are Your Employees Fighting Your Information Security Policies?
Information security depends on “our people” doing the right thing to protect our data, but too often the security measures we implement force our people to go around them to get their work done. Here are several human problems that result from security policies and solutions that let you achieve effective security without having to fight your employees:
Problem: complex password rules. To make passwords harder to crack, companies often implement rules requiring long passwords containing combinations of uppercase and lowercase letters, plus numbers and special symbols. They also often require passwords to be changed often. These rules make passwords hard to remember, meaning employees often write them down on paper or in an online file, or change them by simply adding a number at the end or changing to upper or lower case.
Solution: Keep your password rules straightforward, and provide employees with a password manager so they don’t need to remember them.
Problem: too many passwords. Another reason employees can’t remember their passwords is there are just too many of them. Every application and device they use has its own login requirements.
Solution: Use single-sign on to reduce the number of times employees need to login to applications. When selecting cloud services, the ability to integrate with your existing security tools should be an important criterion.
Problem: sharing passwords. Employees often share passwords to get work done, either because someone is away from their desk or because a new employee hasn’t been granted access yet. It’s also common to use shared admin logins rather than assigning privileges as needed to specific employees.
Solution: Simplify and streamline the process of creating user credentials so all employees are given the access they need. Don’t create admin accounts that aren’t owned by a specific employee.
Problem: data sharing. Employees often remove data from secured systems because they need to share it with other employees or because secure workflows are cumbersome. They may send the data through email or use an unapproved file-sharing service.
Solution: Protecting too much data makes it hard for employees to recognize which data truly needs protection. Ensure that only sensitive data is protected to make employees more aware of data protection needs. Review and streamline your workflows to make it easier to complete tasks.
Are your information security policies causing your employees to take information security risks? The expert team at Prescient Solutions offers cybersecurity services to businesses in the Chicago and Schaumburg areas. We design strategies and use technology to help your employees keep data secure. Contact us to learn more about how to use security tools to effectively protect your critical data without interfering with your employees’ work.