by Aidan Grayson on 07/12/12 at 7:19 am
Each new year brings new IT challenges. Some challenges arise from technological innovation. Others come from an organization’s growth, evolving compliance requirements, or the desire to trade bad IT “habits” for good ones.
But if one thing’s certain, it’s that security remains an ongoing concern. That’s why you should carefully consider your security priorities on a regular basis – annually if not more often.
Of course, your security concerns for 2013 won’t be quite the same as in 2012 – or will they? Here are four simple tips for improving enterprise security at your organization.
1. Define your BYOD policy.
If you don’t think employees will access company data with their personal devices, think again. They’re already doing it.
Even if your company already issues smartphones, people who work for you can and will use other devices – usually their personal iPhone or Android phone – to check email, communicate with clients, and possibly even access proprietary data.
To prepare for the inevitability of employees using their own devices to manage company information, it’s important to have a clearly-defined BYOD (bring your own device) policy firmly in place. Employees should know what kinds of data they are and are not allowed to access with any non-company device.
Since you don’t know how secure any one employee’s device is, you really have no choice but to set clear standards for what’s permissible. And be sure to encourage everyone to only use company-issued devices when viewing or transmitting confidential communications.
2. Patch and update, patch and update.
Microsoft issues security updates the second Tuesday of each month. So why not set an Outlook reminder for the second Wednesday of each month to check for updates? They’re free, after all.
Performing a hardware inventory and checking for firmware updates is just as important, but easier to forget. Then there’s Microsoft Update (different from Windows Update!), Adobe updates, browser patches…
Create a schedule that accounts for all the software and hardware updates you’ll have to perform over the next year, and make sure it’s one you can follow. Set automatic reminders in users’ Outlook or iCal apps, and make it obligatory for them to perform all updates when the time rolls around.
While one of the easiest security fixes to manage, patching and updating often falls victim to our “I’ll just do it later” tendencies. Unfortunately, the result is software that’s slower and more susceptible to malicious attacks.
That, and a less secure, more vulnerable network.
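The monthly check described above can be generated as a schedule. The following is an added example, not part of the original article; the function names are illustrative. It computes each month's second Tuesday and the day after it, and flags months where a calendar rule of "second Wednesday" would fire before that month's updates are released, which happens whenever the month begins on a Wednesday.

```python
import calendar
from datetime import date, timedelta


def nth_weekday(year, month, weekday, n):
    """Date of the n-th occurrence of a weekday (0 = Monday) in a month."""
    first = date(year, month, 1)
    offset = (weekday - first.weekday()) % 7
    return first + timedelta(days=offset + 7 * (n - 1))


def patch_schedule(year):
    """One row per month: release day, recommended check day, and a flag
    for months where the second Wednesday precedes the second Tuesday."""
    rows = []
    for month in range(1, 13):
        patch_tuesday = nth_weekday(year, month, calendar.TUESDAY, 2)
        second_wed = nth_weekday(year, month, calendar.WEDNESDAY, 2)
        rows.append({
            "month": month,
            "patch_tuesday": patch_tuesday,
            # Day after release: always falls after the updates are out.
            "check_day": patch_tuesday + timedelta(days=1),
            "second_wednesday": second_wed,
            "reminder_too_early": second_wed < patch_tuesday,
        })
    return rows


def early_reminder_months(year):
    """Months in which a 'second Wednesday' reminder fires before release."""
    return [r["month"] for r in patch_schedule(year) if r["reminder_too_early"]]


if __name__ == "__main__":
    for row in patch_schedule(2013):
        note = "  <- second Wednesday is before release" if row["reminder_too_early"] else ""
        print(f'{row["patch_tuesday"]:%b %d}  check on {row["check_day"]:%a %b %d}{note}')
```

Scheduling the reminder as "the day after the second Tuesday" rather than "the second Wednesday" avoids the early-reminder months.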
3. Require strong passwords & periodic password changes.
If patches and updates seemed simple enough, then requiring all users to employ strong passwords should be just as obvious. Right?
Unfortunately, hacking passwords remains one of the most common ways for wrongdoers to access sensitive company information. And that’s a shame, because there’s no excuse for weak password protection. None.
If you don’t do it already, require all users to use strong passwords that include numbers and special characters. Then make them change those passwords every three months. Many companies have had policies like this in place for years, but unless the numbers lie, others still have a long way to go when it comes to addressing this easily preventable security breach.
4. Seriously consider the cloud.
Remember when 2011 was the “year of the cloud?” And when they said the same thing about 2012?
Well, there was a reason for all the excitement. By replacing legacy systems with cloud applications, enterprises are making proprietary data and business communications available to more users, more often, and from more locations.
What’s more, partnering with a reliable cloud provider will, for many organizations, mean a higher level of security for sensitive data communications. Whereas data once lived on a local server that IT backed up to yet another server, cloud providers offer high redundancy.
In other words, all that data you store on their servers – servers that reside in a state-of-the-art, secure data warehouse – also lives on several other servers in several other locations around the country or even around the world. That’s why many organizations find that their data is actually safer in the hands of a cloud services provider than it ever was in local storage.
Many see moving to the cloud as the next phase in enterprise IT’s evolution, and more and more cloud apps enter the marketplace each day. Offsite backup is becoming the standard as well. If you haven’t considered what you might gain by “cloudsizing” your organization, now’s the time to do so.
The end result could be faster, more accessible data – not just convenient, but a lot more secure.
About The Author: Aidan Grayson is a freelance writer and enterprise software buff. He contributed this article on behalf of Attachmate, whose legacy modernization tools help organizations service and enable legacy assets.