Eradicating bad e-haviour

Melissa, I Love You, Code Red, Nimda – the mere mention of these network-threatening pathogens, and the ease with which inexperienced users can invite them in past a million-dollars worth of firewalls, is enough to make managers reach for the economy-size antacid bottles in their desk drawers.

But according to security professionals, a few basic policies and training procedures can be a simple, cheap and surprisingly effective solution to those security breaches caused by end user ignorance.

“If you have a virus problem, but you just don’t have a couple of hundred thousand dollars to buy the newest antivirus software, you can still teach your people how to be cautious about how they exchange data, how they open data and what kind of things to look out for,” said Aidan Fisher, president of Ottawa-based Sensible Security Solutions Inc.

Fisher, whose firm has helped many Canadian companies create data-protection procedures, said security incidents often happen because users just don’t know any better – and to know better they need to be trained.

Regardless of an organization’s size, the first thing it has to do is develop a security policy, said Michael Murphy, the Toronto-based Canadian general manager of Symantec Corp.

“They need a policy around Internet usage; and they need a policy around e-mail usage, and it needs to be simple. The corporate policy could be complex, but it needs to be trimmed down into a one-pager so that every employee understands what their obligations are, and what their requirements are,” Murphy said.

Additionally, a security policy needs to be sold to employees as a crucial aspect of the company’s common good, rather than a productivity or behaviour-monitoring tool. Managers, said Murphy, should “avoid taking a heavy-handed, sort of Orwellian approach of ‘Don’t do this, don’t do that.'”

Before ordinary employees can be educated, top executives have to understand that their businesses are at risk if they do not spend adequate resources on security, said Ren

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now