Top 5 Tips for Cybersecurity in Business
IT security concerns everyone in the company, from office workers up to company management. Everyone is equally responsible, because everyone uses computers and is connected to the company’s data treasure trove through the computer network. Also remember that the person in the most senior position usually has the most permissions online and can do the most damage.
“Data treasure trove”? Some letters and a couple of spreadsheets? Unfortunately, yes. You have access to something much bigger and potentially more dangerous. You have access to the company’s network and thus the rights to destroy company data. Of course, you do not intend to do that, but anyone who takes over your computer without you noticing can do so. The intention is usually to harm the company, extort money or steal data and resell it to third parties. Without it being noticed. Until afterwards.
It happens every day. Companies are infiltrated, tax authorities have all data stolen, the EU’s internal network turns out to be infiltrated, data from the US security authorities suddenly becomes public, internal emails are published for the purpose of political damage or suddenly an entire city grinds to a halt because the electricity grid is turned off. Mostly due to careless clicking or easy-to-guess passwords.
- Train the staff, the entire staff, even the top management, to recognise the dangers of cyber crime. Periodically check that the training did hit home. It is not up to the IT department alone to protect the company; it is up to everyone to acquire enough knowledge not to be deceived or to destroy data by mistake. It will cost time and money, but the day the company “disappears” things will be much more expensive.
- Turn off the ability to use macros in Word and Excel. One might think that this ancient method of infecting computers, sending an exciting Word file with a name like “secrets.doc” that contains a macro which breaks into the company’s network and starts stealing data, would have been eliminated a long time ago. Unfortunately, it is still going strong. Be sure to centrally block the ability to use documents with macros, for the entire company.
- Promote sufficiently difficult-to-guess passwords and punish those who reveal their passwords for whatever reason. The most common passwords are 123456, qwerty, 66666, HELLO and the like. Everyone must keep their password secret. The network account should be regarded as each person’s private property and should be protected accordingly. Careless employees should lose their accounts.
- Prevent staff from using their own equipment on the company network. Bring Your Own Device (BYOD) is an unforeseen danger. Members of staff bring their own, unencrypted computers and mobiles to work, log on to the company network and bring internal documents home, sell them, or forget the device at a restaurant, where it gets stolen. It happens thousands of times each year. Establish a tough BYOD policy. Company data should stay in the company.
- Prohibit the use of USB sticks on company computers. It is common for cyber criminals to “accidentally lose” USB sticks in the parking lot outside companies they want to infiltrate. Members of staff find the USB sticks and try them on their computers out of sheer curiosity. The USB stick contains a program that starts when it is plugged in. The program pretends to be a keyboard and can key in various dangerous commands on a logged-in terminal. It is lightning fast.
It must be made clear that management has the basic responsibility for safety in the workplace. All types of safety. Facts show that it can be very expensive to ignore IT security and be careless.