An end to provisional solutions in IT security

Everyone knows them: the provisional solutions of everyday work. When a solution needs to be found quickly, the person in charge is on vacation, or one's own convenience simply wins out, gaps in IT security arise that result in data breaches or increase the risk of one. Four points to keep in mind.


Requirements in the area of security, data protection and compliance are familiar to employees. Nevertheless, they become a challenge in everyday work. Whether out of convenience or ignorance, situations arise time and again that quickly become critical for IT security. For example, team members who are pressed for time send sensitive documents to the wrong contacts via a public file hosting system or, quite banally, conduct sensitive conversations in public spaces. To prevent employees from resorting to so-called "shadow IT" or being too careless with sensitive information, clear instructions for critical scenarios and regular training are needed. Communications provider Materna Virtual Solution shows four security-critical situations that happen quickly in everyday work and should therefore be handled all the more strictly.

1. Handle sensitive data pragmatically. When it comes to work performance, modern technology has real boosters in store for employees: in the subway, you can conveniently make phone calls via smartphone, share your screen with customer data on it in a meeting, or simply let print jobs linger in the departmental printer until the next coffee run. Are there any security concerns?

#Security: Sensitive and personal data should only be shared with trusted persons within the company and in compliance with data protection requirements and security regulations. Under no circumstances should personal information simply circulate unprotected in public spaces - phone calls in the subway are therefore just as taboo as unprotected documents.

2. Security should be defined by everyone. Phishing emails are well known, and insecure websites or apps can be identified at a glance... Experienced employees know that the firewall offers protection against all attackers and that the easiest time to install updates is between Christmas and New Year. There haven't been any data protection problems with WhatsApp either, everything is encrypted, isn't it?

#Security: For comprehensive IT security, the same transparent IT security specifications must apply to all stakeholders in the company. This includes the requirement that regular system updates are installed and that no insecure applications are used for data transfer or communication. Under no circumstances should each employee define his or her own standards, postpone updates for extended periods of time, or use private messengers for professional purposes.

3. Devices should not lie around unused. Your employer provides you with the latest smartphone or performance notebook, and then it's supposed to lie around uselessly on the weekend? That would be a shame. Private use is more in line with the spirit of sustainability and also provides a lot of family fun when gaming finally runs smoothly. What's the big deal?

#Security: Professional devices require a special protection concept if they are also used for private purposes in addition to work. Under the COPE model (Corporate-Owned, Personally Enabled), companies can prepare their devices for secure private use. This can be done, for example, by installing a container-based solution in which all business applications run inside an encrypted software container.

4. Passwords that are easy to remember. Assigning a new password every few months, and having to make it longer and more complicated each time? No more of that. "1234" and "Schatzi" used to provide enough protection and for professional hackers the whole effort is a waste of time anyway ...

#Security: Passwords and multi-level authentication measures are essential and must not be freely accessible or shared with third parties. IT administrators must ensure that authentication requirements are strictly enforced. They can support employees in password management through the use of tools and appropriate training. Under no circumstances should printed password lists be found on the desk - and yes: even a locked rolling cabinet does not offer sufficient protection.

"Of course, these don'ts are exaggerated, but they are still reality in everyday life. At the latest when a security attack has paralyzed the company," explains Christian Pohlenz, Security Expert at Materna Virtual Solution. "There is therefore no way around an internal company security concept that includes GDPR requirements and compliance with security measures. The be-all and end-all is then regular training. After all, any security concept is only as good as its implementation by employees in everyday life."
