Why should your company have strong IT security policies?

Have you ever played the game of Risk? If so, then you know the object is to take control of and occupy every territory—thereby eliminating the other players. In business, one could say that your “territories” are your assets, which include technology. While we don’t think the goal in business is to eliminate the other players, sadly, there are a variety of other players in the world who wish to take control of your “territories”…both good and bad. Having strong IT security policies can reduce your risk and help you succeed at your business goals.

As it turns out, many (dare we say most?) small-to-medium-sized businesses do not have even basic IT security measures in place, much less written policies. Just like in the game Risk, you need to control your entire organization, watch your borders for upcoming attacks, and have a variety of defenses in place to protect your business. As an example, the various strains of crypto or ransomware viruses attempt to take over your data and encrypt it for ransom. There is no magic bullet to prevent this type of attempt on your data. Rather, it is a collection of policies, implemented and followed, that can help your organization avoid being a ransomware victim. Multiple layers of defense are necessary, starting with recognizing the threats, identifying where critical information lives, and then taking steps to protect it.

As in the game of Risk, creating and enforcing IT security policies requires diplomacy.

The human element is one of the biggest risk factors when it comes to IT security. It’s important to develop policies that are easy to understand, easy to follow, and easy to enforce. Additionally, everyone in the organization needs to be educated, just as everyone needs to know and understand the rules of a game. Of course, IT Radix encourages your organization to implement solutions that automate security wherever possible. However, it’s impossible to implement automatic solutions to fully protect your organization; hence, the heightened emphasis on educating your team about IT security. To help evaluate how well your policies are understood and followed, we encourage you to periodically test your team. It’s easy to get complacent—consistent reinforcement and testing help mitigate this concern.

Your IT security policies should cover all aspects of your IT environment, including often-overlooked devices such as printers and employee-owned smartphones, as well as services provided by third-party vendors. With the advent of the Internet of Things (IoT), we’re finding the scope of IT policies is expanding even further to include areas such as HVAC environmental controls, physical security and more. IT Radix has helped a number of our clients to develop and document these policies, often in response to audits that our clients are undergoing or as a result of some type of security incident. To simplify the process, we leverage pre-existing templates that are then modified to reflect our clients’ actual IT environment. While it’s tempting to adopt someone else’s IT security policies, we often find that our clients are unable to actually enforce or implement some of the items within these adopted policies.

Increase your chances of winning the game of Risk by proactively creating your own IT security policies today. Call us today and learn how we can help!

First published in our March 2018 IT Radix Resource newsletter