Some New Year's Security Resolutions Can Also Be Security SolutionsMeet the New Year's security challenges -- same as the old year's security challenges in many ways. And of all of them -- vulnerabilities, cybercrime, flawed old technologies, powerful new technologies, human nature, it's that last that's the most easily addressable. And probably the least addressed.
Meet the New Year's security challenges -- same as the old year's security challenges in many ways. And of all of them -- vulnerabilities, cybercrime, flawed old technologies, powerful new technologies, human nature, it's that last that's the most easily addressable. And probably the least addressed.Doesn't have to be that way, and this is as good a time of year as any to make a run at reigning in the riskier and more dangerous personnel practices at your business.
Of course it's also the time of year when we decide to exercise more, stress less, get organized, quit smoking, save money and anything else we care to improve ourselves with. Most of us know how well those work out. Still...
When you and your team get back to work on Wednesday (or whenever), why not take a few minutes to insist that everyone change their passwords? Then, before the day is out, send out a memo insisting that the passwords be changed every month (at least!) henceforth.
Or how about a post-holiday device inventory, desk by desk, station by station? How many new iPods, phones, thumb-drives etc. have come into the workplace? And how many are already connected to your network? Your policy about such devices is your business -- but you should at least have a personal device policy, and make sure that every employee with access is aware of it.
For that matter what about a log-on audit? How many log-ons are floating around your small or midsize business? How many have been "inactive" -- departed employees, perhaps, or temporary accounts that no one deleted -- for more than a few days? (If any of the log-ons -- or open e-mail accounts or etc. -- belong to terminated employees, there should be some New Year's whipcracking as well as cork-popping.)
Other areas worth reviewing with the staff over the first few days of the year include backups (and what backups can and cannot be removed from the premises), hotspot and other public access for business purposes policies, physical safety of remote devices and equipment, regulatory compliance adherence if appropriate, commonsense security compliance for everybody.
Like our diets, financial plans and other resolutely undertaken New Year's new directions, it'll be all too easy to backslide, to allow new discipline to relax into old slackness, to fail to follow-through.
But as with any successful diet or financial plan or whatever, the benefits of actually sticking to a new, tighter, more consistent security program will begin to show up quickly, both enforcing your rules and reinforcing itself among your employees.
Give it a try -- it's a New Year, after all. The old threats and emerging new ones are not only not going to go away, they're going to gte thornier and more aggressive. Take the human factor out of your security as much as possible now and you'll free up that many more resources to fight the threats that 2008 will bring.