Security is everone’s responsibility

I was chatting with a customer the other day.  He was calling to inquire about ways to auto-login and auto-logout users on acouple of PC’s in their office.  At the same time we also discussed howto password protect Excel files.  All of this piqued my interest so I asked him what was going on.

It seems he was trying to do a dance as they have a number of “unsophisticated” technicians in their office that have to access some critical files from certain machines at all hours.  The technicians were whining because they think it is too much bother to login to a PC, let alone start one up, when they come in after hours.  My contact was also trying to secure a critical Excel file from prying eye’s (on the same PC’s).  I shattered his bubble by poiting out passworded files mean nothing if the file is left open on an open PC.  Then I really started on a rant.

Frankly,  I’d be kicking the technicians in their behinds over their reluctance to login/logout and then I’d be showing the worst offenders to the door if things didn’t improve.  Why?  Simple … security is everyone’s business and responsibility.

In the case of my customer, their technicians have access to security codes and keys to numerous buildings around the city.  By definition, the technicians are bonded and it is understood that they will protect access to the buildings and not make access codes public or keys available to others.  The PC they are accessing in the office also contains proprietary information which is just as sensitive as the accesscodes, possibly moreso, so the same rules should apply.  It’s just common sense.

If you expand upon this just a bit you can see how the concept really applies across the board.  We all now carry so much information with us on our phones, tablets, PC’s and in our Cloud accounts.  Some of that information is quite public but lots of it is private and/or proprietary and we should be doing all that we can to keep it that way.  Businesses that pander to the whining of some individuals,  like the technicians at my customer, are doing themselves a grave disservice.  Frankly, the attitude of business owners and managers should be “too bloody bad” and steps should be taken to tighten up security.  And individuals should also tighten things up.  Don’t make it easy for others to “steal” your data (or even spy on it).

Organizations need to create a security policy and then apply it, enforce it and educate all of their users about what they need to do to ensure ongoing security of their data.  This should include (but is not limited to) things like locking PC’s, phones and tablets when not in use; setting strong password policies; setting policies around data sharing and access; setting Cloud services access rules; even setting rules about not letting others (specially your kids) use equipment (phones, tablets, PC’s) supplied by the organization.  There need to be consequences for flaunting the rules, as well.  In our office an unattended, unlocked PC is an open invitation for embarrassing emails to be sent out from Outlook on the “offending” PC (a gentle reminder).

And let me use that last bit as an example.  If someone can send email from your account that means they could send something damaging, slanderous, libelous,  maybe even criminal and who is to say that it was not sent by you?  At the same time they could dig through your email (or your system, for that matter) and glean information that would not be theirs to see otherwise.  I don’t think I have to provide many more examples for you to see what I’m driving at.  Security can only be applied by systems and devices so far, then it is up to the “wetware” (that would be you) to take over and keep things secure.

So think about how you use your devices and how and what you need to do to protect your data.  A little forethought and a lot of common sense goes a long way.  Be aware and take care because a little inconvenience up front (entering a hard to type password, for example) can save a lot of embarrassment and grief down the road.