Ensuring Compliance In Cybersecurity Policy Within Your Company


It’s no fun being the tough, no-nonsense boss, but noncompliance with cybersecurity policy is kind of a big deal. There are hackers who don’t know a line of code and can’t tell a Mac from a PC, but they know how to get your data through social engineering. An employee who loans their work laptop to a friend can do a lot more damage than an army of code-crackers. Your media liability insurance will help you patch things up if something like this happens, but your best bet is to ensure compliance so that it never happens in the first place.

Here’s the challenge: Stricter regulations probably won’t do you much good. If someone is careless with company data, they already know they could get in trouble for it. Losing their job and being fined $500 is, in the grand scheme of things, not much bigger of a problem than just losing their job. Hackers use social engineering to get at your data, so you want to fight fire with fire in order to protect it:

    • Use PCs, not laptops, for sensitive work. It sounds silly, but a lot more leaks are the result of lost phones and laptops than of hackers. Very few employees are going to try to take their PC home with them or leave it unattended on a table at a coffee shop.
    • The cloud is safer than people think. Anybody can copy a USB drive. Cloud-stored data cannot be accessed without the proper login, or a daring Mission: Impossible-style heist, rappelling into a server farm to steal the relevant data.
    • Allowing login through biometrics, like thumbprint scans, can streamline the login process for your team while making it very difficult for anyone not authorized to gain access.
    • Be very careful with your work-from-home policies. It may be best to completely disallow this at the higher levels of security clearance. There isn’t really any reason for an employee to take a customer’s financial information home with them anyway, and it goes without saying that there’s certain material that should never be handled by freelancers and outsourcers.
    • Streamline your policy. The simpler your compliance policy, the easier it will be to understand. Bring people on step by step; don’t give them too much to memorize right away. As you move somebody up in clearance levels, you can tell them what they need to know.
    • Change passwords regularly and monitor for break-ins. It’s like when too many people are borrowing your Netflix account: You don’t have to go and ask them individually to stop, you can just change the password.
    • Consider banning removable storage and outside devices at the higher levels. Again, your data is at a greater risk in a pocket-sized device than it is in the cloud.