A company’s most valuable asset is its employees. Unfortunately, they also happen to be the weakest link in terms of IT security. You can set up firewalls and encryption software that would make even Spiderman blush with pride, but it won’t do much good if J.J. from accounting posts his online access information to public forum websites or sends sensitive information through e-mail without first encrypting it.

The risks associated with end-user error have been well documented: hackers prey upon human laziness and are well aware that most of us re-use passwords across multiple accounts, have click-happy fingers, and are, at times, more concerned with fast processing speed than with keeping security software enabled.

So, what is a company to do? While there’s no surefire way of keeping end users from making mistakes, you can reduce the number of problems by creating an acceptable use policy (AUP) and by training your employees on what behavior is or isn’t allowed.

When writing and implementing a set of security policies you need to keep a few things in mind:

Keep it simple. A long, complicated policy that looks like a legal document and is about as easy to read as the instruction manual for your car will lose its effectiveness quickly. Your policies should be simple and easy to understand. Give examples and include screenshots where necessary; this will make them much easier to understand and follow.

Provide group training. Many business owners and managers make the mistake of distributing their AUP by e-mail and telling their employees to simply read it, giving people the easy “out” of simply signing and submitting it without bothering with much else. You don’t need to schedule hours of in-person training; a simple 20–30-minute session will ensure that even the most reluctant users will learn a thing or two.

Keep employees updated. To add to the above tip, make sure you remind employees of best practices regularly to help keep the policies fresh in their minds. Make security a part of your weekly/monthly meeting and allow it to become a part of your company culture.

Explain the consequences of not following the policy. The negative effects of not following even the most basic security policies can be dire for your business. Explain why, and explain what disciplinary actions will be taken if members of your team refuse to follow the AUP. Occasional violators should be given a warning, but you might go so far as to decide that habitual violators will be terminated.

Monitor their behavior. The best policy in the world won’t work if it’s not enforced. There are many tools on the market that can automate this for you. Keep in mind, however, that NY state requires every private-sector employer to notify employees of its electronic monitoring practices.

If you need help or are not sure where to start, contact us today. Not only can we help you create a customized acceptable use policy for your staff, but we can also provide training on the topic and, should that be of interest to you, install network monitoring software to ensure it is being followed.

For more information, call us at (845) 237-2117. We look forward to hearing from you.