Making IT secure: why employee education on business IT is crucial

CIOs today are confronted with an ever-evolving IT landscape, which brings opportunity and risk in equal measure.

For every new device which enables enhanced productivity and the ability to work from anywhere, there is also one more potential security loophole within the business.

Managing this balance between embracing workflow-enhancing innovations and ensuring strong security defenses is crucial, and so companies look to the senior IT team to help workers safely transition to new technologies and devices which can help them maintain a competitive edge.

While maximising both productivity and security hand-in-hand is a tricky objective, it is still the end goal and expectation many companies place on their CIO.

The challenge is that behind every device there is a user, a user who is often the weakest link – even in the most secure IT infrastructure.

CIOs by definition tend to work within established companies with hundreds or thousands of employees, based across a multitude of departments and often over several regions.

>See also: Cybercrime just got personal – and it’s time employees were educated

All staff have different technological requirements, and this is especially the case when it comes to security.

Finance staff, for example, will handle confidential figures, while sales staff may have access to a wealth of customer data which has to remain confidential.

Managing all of these staff is a daily challenge for IT departments, and IT education should be a central part of any strategy.

But should CIOs be looking more closely at what is taking place under their own noses before worrying about breaches or weak-points elsewhere?

A Toshiba survey of senior IT decision makers across Europe found that staff in the IT department are among the most likely – 43% – to ignore any regulations put in place when it comes to using IT solutions without official approval.

Often IT staff can have the most widespread access to the company’s network, with the ability to reach all folders and grant permissions to others, so this is a significant risk which needs to be addressed.

Many IT staff clearly are not practicing what they preach, despite the higher risks involved should they lose or misplace a device in their possession on which they have ignored protocol.

>See also: Top tips on developing a more security-minded workforce

Beyond this, IT staff are instrumental in advising other departments – if their own practices aren’t secure, it may lead to similar bad habits to be spread across the company, especially among less tech-savvy staff members.

But this challenge goes beyond the IT department, with Toshiba’s research showing that the majority of companies are experiencing difficulties of this nature.

84% of those surveyed said the unauthorised use of IT systems and solutions happens to some degree within their company, with 43% saying it is a widespread problem.

This is most true with the hardware in use, where file safety is literally put into the hands of employees.

For example, many staff may feel it is acceptable to use a personal device while working from home, lacking any in-built security barriers which should be in place when working outside of the office.

In reality, it is essential staff consistently use business-built hardware which combines security with productivity-enhancing solutions.

Ultimately, responsibility for IT security falls at the feet of the CIO, and any data breaches or attacks today can be critically damaging for a company – risking fines and destructive reputational damage.

>See also: How mobile technology in education is shaping the next generation of employees

Technology can and must play an integral part in maintaining a secure IT infrastructure.

Zero client solutions, for example, provide one way of addressing data leak issues, as they can provide a secure environment which moves all data, solutions and applications away from the potential vulnerabilities of a specific device.

This also offers the freedom for different departments to embrace varied, hosted solutions.

But equally important is the human touch, and CIOs must make sure all employees are well educated when it comes to the IT strategy and infrastructure put in place.

If not, they will be the first to be held accountable for any security crisis.

Many companies fail to invest in security defenses until they’re forced into action by a major incident – by which time it is often too late.

It is imperative CIOs act now to ensure they and their employees are doing everything they can to safeguard the business against growing IT security hazards.

Sourced by Neil Bramley, B2B PC Business Unit Director, Toshiba Northern Europe

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...