It’s official: end users are the weakest link in the IT security chain. You can set up a firewall, encryption, anti-virus software, and password protection up to your ears, but it won’t save you from the employee who posts his access information to a public web site.
Most security breaches, viruses, spyware, and other network problems are a result of human error—an end user unknowingly downloading an infected file, e-mailing confidential information, or disabling their anti-virus, to name a few.
So what is a company to do? While there is no surefire way to keep end users from making mistakes, you can dramatically reduce the number of problems by creating an acceptable use policy (AUP) and training your employees on what is and what is NOT acceptable behavior. But if you want your employees to actually adhere to your security policies, here are a few tips:
· Keep it simple. A long, confusing policy that looks like a legal document is about as easy to read as the instruction manual for your digital camera. Make the policies clear and easy to read. Give examples and include screen shots where necessary.
· Provide group training. Many companies make the mistake of distributing their AUP by e-mail and telling employees they must read it on their own. This gives the employees the option of NOT reading it and simply signing and submitting. You don’t need hours of classroom training, but a simple 15- or 20-minute session will force even the most reluctant users to learn a thing or two.
· Keep employees updated. To add to the above tip, make sure you update employees on a regular basis to keep the policies fresh in their minds and to educate them about new threats.
· Explain the consequences of not following the policy. This means explaining both the negative effects on the business and the disciplinary actions that will be taken if they refuse to follow the policy. Occasional violators should be warned, and habitual violators should be disciplined.
· Monitor their behavior. The best policy in the world won’t work if it’s not enforced. There are many tools on the market that can do this for you automatically. Edict without accountability doesn’t work. People perform to what is measured and reported on.
Need Help In Creating An Acceptable Use Policy and Training Your Staff?
Not only can we help you create a customized acceptable use policy for your staff, but we can also provide training on the topic and even install network monitoring software to make sure it is enforced. If you have questions, would like a FREE Acceptable Use Policy, or want to learn how to easily and automatically enforce it, contact Jennifer at Jennifer@mis-solutions.com or call 678-730-2703.