When new staff enter your organisation, you need to make your security policies a priority during the onboarding process, to ensure your company will not suffer devastating security incidents in the future.
We find that one of the biggest reasons employees bypass security measures is to save time and be more productive. This can happen even more often with a new hire, who may be eager to add value to the organisation but does not yet fully understand your company’s procedures and security requirements. They may want to use tools and systems that they used in the past in order to boost performance in your organisation – and this is great! But if this is done out of sight of your IT team, it can also mean that sensitive data is put at risk. So how can you prevent this?
This is often referred to as ‘shadow IT’ as it implies information-technology systems and solutions built and used inside organisations without explicit organisational approval. Younger generations in particular are accustomed to using a variety of apps and hardware to deliver their work and make their lives easier, and often tend to take IT matters into their own hands. While it can be seen as a proactive attitude, it can also be a dangerous endeavour when sensitive data is stored and shared on media that does not meet your industry’s requirements for security.
For example, if employees use applications meant to increase workplace productivity and collaboration – such as Evernote and Dropbox – and these are not pre-vetted or monitored by your IT team, they can put the entire organisation at risk of exposure and compliance issues.
In fact, a Blue Coat study has found that as much as 40% of IT budgets is now being spent outside of the company’s IT departments, on various other systems and applications that their staff use and that may not fully satisfy the organisation’s security standards. This generally happens when staff feel they are not getting as much value as they need from existing IT applications and systems.
So how can you tackle this problem?
1. Develop an interactive onboarding process
When onboarding new staff, make sure they receive complete security training, including the systems that are used within your organisation, data security and privacy policies, etc. If you use an interactive approach to this, you increase awareness of IT security and the understanding of how it works and why it is important – both for the entire organisation and for individual staff members. Try having a Q&A session with new hires and older staff too, in which these policies can be discussed.
2. Review your staff’s need for new IT software or hardware regularly
Start looking at what apps your staff are using and why. If there is a pertinent reason that can create real business value for your organisation, then you need to find a way for these apps to be included alongside your approved apps while ensuring that security standards are preserved.
This way, you will learn quickly if any of their needs are not met, and you will be able to help find the best application for your organisation to use, without having your employees turn to shadow IT solutions. If your business is located in Scotland we may be able to provide a free IT discovery workshop for your organisation aimed at exactly this – read more details and request a session here: IT discovery workshop.
3. Test your employees on a regular basis
In the real world, cyber criminals send around 156 million phishing emails daily. 16 million of these make it through the filters, and half (8 million) are opened. 800,000 of them are clicked, and 80,000 people fall for the scam. And that’s just in ONE day. Wouldn’t you want to know how many of the people in your organisation would fall for these scams? And even more important, wouldn’t you like to ensure they don’t? Luckily, you can do both by using interactive security awareness training. You can start with a free phishing test today.