Five Tips for Strengthening the IT Department in 2015

Featured article by David Kidd, Peak 10’s Vice President of Governance, Risk, and Compliance

Data security continues to be a growing concern for all businesses – small and large – as part of a macro trend taking grip in 2015. While improving technologies are essential for protecting data, studies have shown that internal incidents continued to top the list of 2014 breaches. In fact, a study by Cisco revealed that 39 percent of IT professionals worldwide are more concerned about the threat from their own employees than the threat from outside hackers. This means that even for cloud service and MSP providers, strong IT and security measures must flow from the inside out.

Often times, employee security training is not implemented effectively. As a result, poor levels of staff awareness leave organizations open to social engineering and advanced attacks. Consequently, careless or uninformed employees run the risk of unwittingly infecting their work computers with malware by clicking on pop-ups, downloading information from the internet, opening links from unknown sources and via a number of other avenues.

The growing mobile workforce brings its own unique set of security challenges. While mobile technology is a boon to productivity, it also introduces a new threat vector. Unencrypted USB drives, laptops, smartphones and other devices are an increasing threat to information security. In the hands of careless or malicious employees, every device that accesses the network or stores data is a potential risk to intellectual property or sensitive data.

So, how can IT teams strengthen internal security to support their customer and their bottom line? Here are five tips for strengthening IT departments in the New Year that businesses can implement today:

1. Develop an understanding of employee behavior and use it to help shape, implement and enforce security protocols, from BYOD policies to IT asset access privileges. Regardless of your company’s IT expertise, take advantage of every opportunity to better understand how employee behavior and intent relates to security issues and incorporate that information into your company’s IT security policies

2. Make data security part of each person’s job description, including C-level executives from the CIO, COO and CEO to the CMO and CFO, IT managers, sales and marketing departments, and even administrators. The majority of employees are most concerned about the requirements of their own job positions because that forms the basis for their daily activities, performance reviews, continued employment and opportunity for advancement. Unless leadership makes data protection an integral part of each employee’s role, the employee might not take it seriousl

3. Implement frequent training on security andprivacy at all levels of your company, executives included that educates employees about the reality of risk and their obligations.  Information security training should start at the time of hire, and include an orientation on best practices for computer and mobile device usage, in addition to providing information on your company’s security policies. Make sure training also focuses on behavioral change, not just awareness of security and privacy risks. All the training in the world won’t minimize insider data breaches if people don’t change their actions.

4. Find the right partner when outsourcing IT that not only fulfills your IT requirements, but also acts as a trusted advisor that understands your business objectives and security needs. Providers that put the customer first and have a proven track record of reliable and tailored IT solutions can work in tandem with your internal IT staff to ensure data is secure and staff is well-informed on proper security protocols.

5. Keep data protection top-of-mind for all employees. Employees at all levels of responsibility and across all disciplines must work together to protect critical data assets. When developing data security and privacy policies, involve representatives from across all areas of your company. Use daily security tips that appear on the home page when users log on to their computers. Put IT security awareness posters in employee gathering areas and implement incentive programs that award employees for suggestions that can help improve information security and business productivity and efficiency.

By recognizing that data protection is just not an IT responsibility, and placing a stronger employee focus, you can effectively build a “human firewall” that reduces the number of threats to data security and privacy. In return, you are armed with the confidence and expertise to focus attention on the customer’s needs, providing each with high-quality service, strong responsiveness and tailored, secure IT solutions. At the end of the day, the stronger your own internal security, the better able you are to enable to success of the customer and provide the ultimate customer experience.

David Kidd is Peak 10’s Vice President of Governance, Risk, and Compliance and has more than 20 years of management experience in information technology and has received professional certification through the Information Systems Audit and Control Association (ISACA). David oversees Peak 10’s legal affairs, risk management, and regulatory compliance activities including quality assurance, data center commissioning, and service continuity planning. For more information, visit www.Peak10.com.