Proper communication key to IT security compliance
VAR_Staffing / VAR Staffing
Looking at the numbers released by IT security firm Symantec can be a bit overwhelming. The company blocked over 5.5 billion malware attacks, which is an increase of over 85 percent from 2010. There was also a 35 percent increase in Web-based attacks and a 41 percent increase in new kinds of malware.
Hopefully these numbers do not send IT Principals running for the hills, but rather have them taking a moment to examine their current strategies and how effective they are.
A recent article from ComputerWorld did just that, with the help of a handful of IT security professionals. According to the report, IT Principals are struggling to create policies that are effective and easy to use. This is because tech professionals forget to properly communicate the goals in a way that leads the entire workforce – from C-level executives to mailroom workers – to not only understand the procedures but also respond to them.
Malcolm Harkins, the vice president and chief information security officer at Intel, said that many IT departments rely too much on scaring employees into compliance.
"You don't want to spin information security compliance as fear," said Harkins. "Fear is like junk food – it can sustain you for a bit, but in the long run it's not healthy."
He went on to say that the goal is to get employees to go beyond compliance toward full commitment to protecting the company's information. If employees believe in doing the right thing and protecting data, and have been provided the right tools, they will make reasonable risk decisions.
For any security practice to be successful, IT Principals need to ensure they have reliable resources in place to keep policies up to date and employees informed. VARs and MSPs can offer the proper solutions to keep any enterprise running.