How Employee Assessment Can Enhance Your Company’s Security
In our last blog, we stressed the importance of employees only having access to what he or she needs to better ensure company security. Something important to keep in mind, however, is that over-securing your information can result have negative side effects to your business.
If an employee doesn’t have access to something he or she needs, this slows productivity. This will result in one of two things: the employee halts working, resulting in lower productivity and wasting company dollars, or the employee will find ways around the system to get access to the files needed, resulting in additional security and compliance risks.
Optimally, we are searching for the equilibrium of security and usability. How do we do this? You’ll have to do an assessment based upon these five factors:
- Job Role
What does this person do, and what types of files does this role need to fulfill his or her tasks? For example, a technician will not need access to the marketing department’s drive.
Where this person works will affect what you want him/her to have access to. If an employee works remotely, for example, he may work at a coffeehouse or restaurant instead of from a private home office. This means that any person near your employee can see what is on his screen, therefore having access to your information.
The U.S. Department of Defense has three levels of security clearances: confidential, secret, and top-secret. A similar tiered status system could be used in your office. Determine who requires access to the most sensitive information, then work your way down or vice versa.
How does your employee access company information? If she uses personal devices for work purposes, your company information is at risk everyday when she leaves the office.
Similar to devices, how your employees are connecting to the Internet and company files can increase or decrease security risks. Joining public wi-fi connections can mean that the owner of the hotspot can access what your employee has done while using their connection. Employees using a secure Internet connection (preferably, your business’ wi-fi) keep your sensitive files more secure.
In conclusion, your IT services should be personalized to each employee based upon the context of his or her job. By assessing each position and customizing each employee’s access accordingly, you can save your company in the long run–in more ways than one.