Two projects to improve IT security without using software

Imagine if an invisible thief could break into your home and start stealing your possessions. That’s one of the threats posed by inadequate IT security. The pain and loss of poor IT security practices cost a great deal.

Let’s illustrate the scale of the IT security challenge:

  • The average cost of a data breach to a company was $3.5 million in US dollars (2014 Cost of Data Breach, Ponemon Institute)
  • Criminals stole $45 million from Rakbank and Bank of Muscat in 2013 by breaching ATM card security (American Banker)
  • In 2014, Sony paid a $15 million settlement in the wake of the 2011 hack of PlayStation (Engadget)

Clearly, IT security failures are expensive. For many in the technology community, the default reaction is to invest in security software and hardware. Better security technology is absolutely vital, but technology is only part of the IT security puzzle. Training staff on IT security best practices is arguably even more important to securing your organization’s information assets.

The following projects are excellent ways to reinforce IT security. Best of all, they require little to no money to implement. To experienced security professionals, these may seem like basic ideas. However, I challenge you to ask yourself: is my organization successfully implementing these ideas?

IT Security Project 1: Organize a security briefing for your department

Knowing is half the battle. To improve IT security, employees need to understand the fundamentals of security. Here are some starting points for an introductory security briefing:

  • Password Basics: Recommend changing corporate passwords every 90 days or more often.
  • Caution Against Unfamiliar Software: Remind your staff that installing new software can increase IT security risk. For some staff working on highly sensitive activities, consider preventing the installation of new software.

IT Security Project 2: Implement a system access review

How many different applications, systems and IT resources does your company have? Staff at small organizations typically have more than half a dozen logins to manage. Follow these steps to improve your risk management relating to system access:

1) Create A System Access List.

The first step is to ask each employee to list the applications, systems and other resources that require a login. Also ask them to list the reason they use a given resource (e.g. Finance System. Use: Prepare quarterly financial statements for management).

2) Identify Access Rights For Elimination.

Over time, job responsibilities shift and evolve. Use this step to ensure that your IT security keeps pace. Using the system access list created in step one, evaluate whether there are system rights that can be eliminated. For example, if a sales representative resigns from the organization, it is important to eliminate their system access rights as a proactive way to prevent information loss.

3) Schedule An Annual Review.

To maintain IT security, I recommend an annual review of system access rights and privileges. Large firms may already have this requirement in their policies. Ask yourself about the last time you implemented a review. If you skip this step, your IT security will gradually deteriorate.
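For teams that keep the access list from step 1 in a spreadsheet, the three steps can be checked mechanically once the list is exported. The following is an added example, not part of the original article; the column names, the roster, and the sample rows are constructed assumptions, and the 365-day threshold stands in for the annual review.

```python
import csv
import io
from datetime import date

# Constructed sample data: the system access list from step 1 (with the
# stated reason for each login) and a roster of current employees.
ACCESS_LIST_CSV = """employee,system,reason,last_reviewed
alice,Finance System,Prepare quarterly financial statements for management,2024-11-03
bob,CRM,Manage sales pipeline,2024-10-15
bob,Finance System,,2024-10-15
carol,HR Portal,Maintain employee records,2023-01-20
"""
ACTIVE_EMPLOYEES = {"alice", "carol"}  # bob, a sales representative, has resigned


def review_access(access_csv, active_employees, today, max_age_days=365):
    """Return (employee, system, findings) for every entry needing action."""
    flagged = []
    for row in csv.DictReader(io.StringIO(access_csv)):
        findings = []
        # Step 2: access held by someone who has left should be eliminated.
        if row["employee"] not in active_employees:
            findings.append("owner no longer employed: eliminate access")
        # Step 1 asks for a reason per resource; a blank one needs follow-up.
        if not row["reason"].strip():
            findings.append("no stated reason: confirm need or eliminate")
        # Step 3: flag entries whose last review is older than a year.
        age = (today - date.fromisoformat(row["last_reviewed"])).days
        if age > max_age_days:
            findings.append(f"last reviewed {age} days ago: annual review overdue")
        if findings:
            flagged.append((row["employee"], row["system"], findings))
    return flagged


if __name__ == "__main__":
    for employee, system, findings in review_access(
        ACCESS_LIST_CSV, ACTIVE_EMPLOYEES, today=date(2025, 1, 15)
    ):
        print(f"{employee} / {system}: " + "; ".join(findings))
```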

My question to you is: What is one critical behaviour that improves your organization’s IT security?

Bruce Harpham
Bruce Harpham writes about project management training at Project Management Hacks. His experience includes leading cost reduction and process improvement projects in the financial industry. Sponsors make or break IT project success. Learn how to build an effective project sponsor relationship with our new report. Go to Project Management Hacks to receive the latest articles.
