Even in the most automated of companies, human beings are still necessary to handle emergencies, think creatively, and exercise judgment.
On the other hand, when it comes to IT security, people are often their own worst enemies and, by association, the worst enemies of their companies too.
Here are a few bad habits that you might usefully encourage IT colleagues and other employees to change.
- Failing to segment networks. When you can see all the endpoints in your IT network, so can a would-be attacker. One compromised system then puts all the others at risk, with high-risk systems endangering high-value ones. By segmenting your network, you can keep high-risk installations separate from high-value ones. A breach on one segment will then not necessarily spread to the others, which increases your level of protection.
- Visiting internet sites of poor reputation. It’s funny, but this message can be very hard to communicate. Poor reputation does not only refer to sulphurous adult content, but also to gaming or other sites where security and privacy didn’t quite make it into the specification for the platform and application design.
- Surfing the net from an administrator’s account. Of course, this warning could extend to many other activities that should not be undertaken from within an administrator’s account, but web surfing is one of the most likely examples. Not only does this expose the administrator’s account to increased risk of compromise, but some commands intended for surfing may end up being applied to internal system resources with devastating effects (faulty use of the delete key, for example).
- Using critical systems for other purposes. Machines storing customer payment information must not be used for checking social media messages, for example.
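For the network segmentation point in the list above, one way to check that a breach on a high-risk segment cannot spread to a high-value one is to walk the allowed flows between segments, including indirect ones. This is an added example, not part of the original article; the segment names, risk labels and allow rules are constructed for illustration, and anything not explicitly allowed is assumed to be denied.

```python
from collections import deque

# Constructed sample data: segments labelled by role (assumption, not from the article).
SEGMENTS = {
    "guest-wifi": "high-risk",
    "office-lan": "high-risk",
    "jump-host": "controlled",
    "app-tier": "internal",
    "payment-db": "high-value",
}
# Constructed allow rules (source, destination); anything not listed is assumed denied.
ALLOW_RULES = [
    ("guest-wifi", "office-lan"),
    ("office-lan", "app-tier"),
    ("app-tier", "payment-db"),
    ("jump-host", "payment-db"),
]


def exposure_paths(segments, rules):
    """Return the shortest allowed path from each high-risk segment to each
    high-value segment it can reach, directly or through other segments."""
    graph = {name: [] for name in segments}
    for src, dst in rules:
        graph[src].append(dst)
    findings = []
    for start in [s for s, role in segments.items() if role == "high-risk"]:
        parent = {start: None}  # remembers how each segment was reached
        queue = deque([start])
        while queue:
            node = queue.popleft()
            if segments[node] == "high-value":
                path = []
                while node is not None:
                    path.append(node)
                    node = parent[node]
                findings.append(path[::-1])
                continue  # do not search beyond the high-value segment
            for nxt in graph[node]:
                if nxt not in parent:
                    parent[nxt] = node
                    queue.append(nxt)
    return findings


if __name__ == "__main__":
    for path in exposure_paths(SEGMENTS, ALLOW_RULES):
        print("exposed:", " -> ".join(path))
```

With the sample rules, no high-risk segment talks to `payment-db` directly, yet both reach it through `app-tier`; the check only comes back empty once the `office-lan` to `app-tier` rule is removed.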
Changing a habit, for instance from a bad one to a good one, takes 21 days, so the saying goes. So, the time to start that change is probably now!