Who hasn’t experienced this? When a solution has to be found quickly, but the people responsible are on vacation or convenience simply wins out, IT security quickly falls by the wayside. Provisional solutions often lead to security gaps and data protection breaches. In this blog article, you can read more about the four pain points that employees and IT managers should be aware of in their day-to-day work.
Everyone knows the requirements in the areas of security, data protection and compliance. And although these requirements are well known, they often become a real challenge in everyday working life. Time and again, situations arise that quickly become critical for IT security – whether due to convenience or ignorance. For example, under time pressure, team members quickly send sensitive documents to the wrong contacts via a public file hosting system or, quite simply, conduct sensitive conversations in public spaces. The following four security-critical situations happen quickly in everyday working life and should therefore be handled all the more strictly.
Pragmatic handling of sensitive data
With modern technology, so much is possible: working from anywhere and at any time. Have a quick and convenient conversation on the subway using your smartphone, give screen approval for customer data in a meeting or simply leave the print jobs in the department printer until the next coffee run. Do these situations sound familiar to you?
Caution: Under no circumstances should personal information simply circulate unprotected in public spaces – phone calls on the subway are just as taboo as unprotected documents. This means that sensitive and personal data should only be shared with trustworthy persons within the company in compliance with data protection requirements and security regulations.
Own definition of IT security
Insecure websites or apps are obvious and phishing emails can be recognized at a glance. What’s all this scaremongering about? Especially as experienced employees know that the firewall offers protection against all attacks and that updates are best installed between Christmas and New Year. And data problems with WhatApps…? Isn’t everything encrypted?
Please note: To ensure comprehensive IT security, the same transparent requirements must apply to all stakeholders in the company. This means that the installation of regular system updates is mandatory. In addition, no insecure applications may be used for data transfer or communication. And probably the most important thing: employees must never define their own standards, put updates on standby for long periods or use private messengers for work purposes.
Do not leave devices lying around unused
You get to enjoy the latest smartphone or tablet provided by your employer and then it’s left lying around unused at the weekend? That doesn’t make it any better. Far too bad. Especially as the family can finally play the latest internet game without any jerks. And what’s more, it’s much more sustainable to share a device.
Please note: If work devices are also used for private purposes, a special protection concept is required. With the COPE concept (Corporate-Owned, Personally-Enabled), companies can prepare their smartphones and tablets for secure private use by installing a container solution, for example. This allows all business applications to be processed in a secure, encrypted area. This prevents private apps from accessing business data.
You have to be able to remember passwords
Changing your password at regular intervals and then having to make it longer and more complicated? Apart from the fact that you have to remember different passwords for different applications. “1234” and “Schatzi” used to be sufficient and professional hackers can crack even complicated passwords.
Attention: Passwords and multi-level authentication measures are essential for IT security. They must not be freely accessible or shared with third parties. IT administration teams in particular must ensure that authentication access is strictly implemented. Tools and training courses can also support employees in password management. What is definitely not acceptable: printed password lists on the desk – and yes, even a locked roll container does not offer adequate protection.
Have you felt caught out anywhere? Although these don’ts are exaggerated here, they are still a reality in everyday life. They are often the trigger for a security attack which, in the worst-case scenario, paralyzes the entire company. This happens more often than you might think. That is why there is no way around an internal company security concept. This must include both the GDPR requirements and compliance with security measures. Regular employee training is also essential. After all, any security concept is only as good as its day-to-day implementation.