Over the last few articles we talked about how ITSM systems help Tirihanna with password changes and maintaining her workstation. We talked about how her lack of training caused major issues. And we talked about the various security processes and protocols which form the backbone of both the training and secure operations.
Let’s go back to Tirihanna, as she moves to another company which has the infrastructure, policies, procedures and training in place to operate effectively, securely and smoothly. The new organization welcomes Tirihanna onboard and provides her with a package of materials in her email. Before she gets to that, she has to log into her workstation. The password policy requires her to change her password to a complex one on first login. Once she does that, her operations will be secure – provided she follows the rest of the policies.
The onboarding package includes a list of the policies – not just her work schedule, but also security policies in clear and plain English, explaining where she can and cannot use her work credentials, and what the repercussions and consequences of misuse of credentials will be. They provide an overarching guide on internet use on a corporate machine, including usernames and IDs. Apart from these IT security policies, they include processes and procedures to get software installed, to submit trouble tickets and to access the help desk. They also have everything she will need to see that all of her IT needs are met and serviced in a smooth and regulated way.
On the back end, network policies and firewalls manage what sites employees can visit. Configured in this manner, with ITSM and change management policies in place which are clearly conveyed to all employees, the organization can operate knowing that it is as secure and efficient as possible. There is a nexus between the two, security and efficiency, and it will be different for every organization. Once you find the nexus point, you can craft policies to land in the sweet spot. And, if you listen to employees, you’ll know exactly where that sweet spot is.
Now if Tirihanna makes an error, she will know exactly what she did and why she is getting reprimanded for it. And the company is covered in its actions if it has to let her go due to her malfeasance, because the policy was clearly spelled out for her and was explained to her every six months. No employee wants cyber training every six months, but they need it. The cyber threat changes that rapidly, if not faster. It’s an adaptive process and staying on top of it is critical to success.
Ultimately, it is the organization’s responsibility, and strategic imperative, to ensure that its cybersecurity policies and procedures are clearly, and regularly, communicated to every employee. A chain is only as strong as its weakest link, and every employee is a potential weak link. Thus, business leaders need to make sure their cybersecurity training and technology are up to date for every employee. Otherwise, when – not if – you are shut down due to ransomware or crippled due to a virus, you will have nobody to blame but yourself.