An end to provisional solutions in IT security
Everyone is familiar with provisional solutions in everyday work. When a solution needs to be found quickly, the person in charge is not present, or one's own convenience simply wins out: This is when gaps in IT security arise, resulting in data breaches and increasing the risks of a data breach. Materna Virtual Solution shows four pain points that employees and IT managers should pay more attention to.
Requirements in the area of security, data protection and compliance are familiar to employees. Nevertheless, they become a challenge in everyday work. Whether out of convenience or ignorance, situations arise again and again that quickly become critical for IT security. For example, when time pressure causes sensitive documents to quickly end up in the wrong place or with the wrong contact person, or, quite banally, when sensitive conversations take place in public spaces. To prevent employees from resorting to so-called "shadow IT" or being too careless with sensitive information, clear instructions for critical scenarios and regular training are needed. The software manufacturer Materna Virtual Solution shows four security-critical situations that happen quickly in everyday work and should therefore be handled all the more strictly.
Dealing pragmatically with sensitive data. When it comes to work performance, modern technology has real boosters in store for employees: in the subway, you can conveniently make phone calls via smartphone, in the meeting, you can give screen approval for customer data or simply let the print jobs linger in the departmental printer until the next coffee run. Are there any security concerns?
Security: Sensitive and personal data should only be shared with trusted persons within the company and in compliance with data protection requirements and security regulations. Under no circumstances should personal information simply circulate unprotected in public spaces - phone calls in the subway are therefore just as taboo as unprotected documents.
Security should be defined by everyone. Phishing emails are well known, and insecure websites or apps can be identified at a glance. Experienced employees know that the firewall offers protection against all attackers and that it is easiest to install updates between Christmas and New Year. There have also been no data protection problems with WhatsApp so far.
Security: In terms of comprehensive IT security, the same transparent IT security requirements must apply to all stakeholders in the company. This includes the requirement that regular system updates are installed and that no insecure applications are used for data transfer or communication. Under no circumstances should each employee define his or her own standards, put updates on standby for extended periods of time, or use private messengers for professional purposes.
Devices should not lie around unused. The employer provides the latest smartphone or performance notebook and then it is supposed to lie around uselessly on the weekend? Private use is more in line with the spirit of sustainability and also provides a lot of family fun when gaming finally runs smoothly.
Security: Professional devices require a special protection concept if they are also used for private purposes in addition to work. According to COPE (Corporate-Owned, Personally Enabled), companies can prepare their devices for secure private use. For example, they can install a container-based solution in which all business applications are processed in an encrypted software container.
Easy to remember passwords. Assigning a new password every few months again, which has to be longer and more complicated each time? Not necessarily advisable. Better for security: Passwords and multi-level authentication measures are essential and must not be freely accessible or shared with third parties. IT administrators must ensure strict implementation of authentication access. They can support employees in password management through the use of tools and appropriate training. Under no circumstances should printed password lists be found on the desk - and yes: even a locked roll container does not provide sufficient protection.
"Of course, these don'ts are exaggerated, but they are still reality in everyday life. At the latest when a security attack has paralyzed the company," explains Christian Pohlenz, Security Expert at Materna Virtual Solution. "There is therefore no way around an internal company security concept that includes DSGVO requirements and compliance with security measures. The be-all and end-all is then regular training. After all, any security concept is only as good as its implementation by employees in everyday life."
Source: www.virtual-solution.com
