Cyber security is an issue that IT managers across the world face daily, and they go to great lengths to keep data breaches from occurring at their businesses. However, one of the biggest threats for IT managers isn’t just the outside threat of hackers cracking the security barrier, but their company’s very own employees creating vulnerabilities and possibly enabling data breaches. Typically, when a breach happens internally it’s due to a disgruntled employee, but in this case we are focusing on the breaches that occur due to negligence or lack of awareness.
In a survey conducted by Sungard Availability Services, IT managers said the top change they would implement if left in charge of their company’s information security program would be to enforce stricter security policies on employees. Vulnerable web applications, out-of-date security patches and updates, and obvious or missing passwords are just a few of the issues that IT managers face when ensuring that their company is secured.
Data breaches are becoming commonplace in the IT world. In recent news, the New Jersey Swedesboro-Woolwich School District had its network breached and held hostage for 500 bitcoins, which is equivalent to $125,000 in U.S. currency. The school chose not to pay the ransom and was left to face the consequences of the breach. Due to the threat, the school had to postpone the scheduled PARCC exams, and its internal and external communications, as well as its point-of-sale system for school lunches, were non-operational. “We are operating as if it’s about 1981 again,” said Superintendent Terry Van Zoeren.
After the school district spent the weekend and part of the following week re-establishing a secure network, it was found that the breach was caused by a weak password used by a vendor working on the school’s systems. This shows how complex an environment IT security is and how the weakest link can tear down the whole system. It is highly important to ensure that you are properly vetting vendors who have access to your network. Adhering to regulatory compliance standards such as SSAE16, PCI, and other similar standards will enable you to properly enforce your standards and regulations downstream to vendors and other individuals with access to your network.
Incidents like the one at the Swedesboro-Woolwich School District are occurring more frequently these days as businesses rely heavily on IT. While IT managers are highly aware of these concerns, enforcing stricter security policies companywide can be a struggle at times. Most find it difficult to enforce rules and regulations seamlessly throughout the organization, especially when doing so requires employees to put in more effort on their part. For example, using passwords that are made up of letters, numbers and symbols can significantly reduce the vulnerability of a network.
To enforce certain changes and keep employees from using shadow IT, IT managers have to start with executive management to create a sense of urgency. Having support for IT security in the workplace from executive management down to managers on the floor means a lot. An employee can thwart all kinds of good efforts by being lazy, thinking they know better or just not caring, but if everyone is on board, oversight at the employee level can ensure that the team as a whole buys into it and the security agenda is successful.