Security: The Insider Job

It is an interesting thing, security. You know security use to mean you have yourself a firewall and anti-virus software and you are fine and dandy. This might have worked a decade ago when tons of sensitive data such as personal records, credit cards and the like was not up for grabs.

(WebHost Blog) Even with the need for greater security many businesses (SMBs and enterprises) still have the same mentality. For the past oh I don’t know off hand, three, five years I suppose, there have been many studies, many reports and all talk about the threat of the inside problem.

The insider doesn’t have to be someone who is disgruntled and wishes to do the company harm. That what I would like to talk about specifically in fact. The Insider job in small business.

We hear a lot about the IT manager who changes passwords such as what happened in San Francisco. To the possible problems of workers getting laid off and in a moment of anger sending confidential email and possible “company secrets.” But again a lot of problems do not come from those who wish harm, but from carelessness. A three digit password instead of something more robust, leaving passwords out, borrowing a company laptop and leaving it somewhere, using unsecured flash drives, etc.

In small businesses especially, management may not want to have a security policy. When there are few employees implementing a security policy might seem like the company views employees with suspicion. And that fear of ruining the team dynamic with more rules and regulations.

But the fact of the matter is security policies protect the employees, management, and the customers. The show that due diligence has been maintained by the staff of a company if a security breach occurs and can lower the amount of money a company or employees gets fined in a court of law. It is free to make and only requires a little bit of time to maintain. A few areas that should be looked at are the disposal of old hard drives, the use of flash drives, phishing emails and how to handle them, tracking of portable devices on the network, password creation, password storage, and backup and recovery policies.

The other thing you need to do is have that policy maintained and used. Every employee should know what areas are relevant to them and if changes occur the policy should be updated to reflect those changes. A policy that is not maintained is just as bad as a policy know one uses, which is just as bad as not having one in the first place.

Whether the company is big or small, a security policy that is written, utilized, and maintained goes a long way to helping with internal threats, and can reduce headaches for everyone in the company.

About David Dunlap: Over the past ten years David has been a prolific author of hundreds of blogs, commentaries and reviews found here on WebHostBlog.com , as well as WebHostMagazine.com and other sites around the Internet. David manages the daily operations at both WebHostBlog and Web Host Magazine & Buyer's Guide, and as the head editor, David uses his unique analytical skills to ensure that both sites maintain their integrity and tough, but fair minded, reputations. Prior to his active career analyzing the Web Host industry, David specialized in networking and communications for the U.S. government. David's expertise in traditional marketing and Search Engine Marketing (SEM) has helped boost companies both inside and outside of the Web Host industry.re 19 comments Yahoo! Buzz