Business owners nowadays are facing an interesting dilemma. We have a workforce that is increasingly interested in unrestricted work space. At the same time, we have a society that places higher demands on information security than ever. The conflict that arises and becomes a real struggle for companies is finding a balance between giving employees the freedom to maneuver and securing the data that the company stores from breaches. The only advice that I have in dealing with that struggle is that you need to find the balance that works for your team.
Every security measure you put in place to protect the data will restrict your employees. There is no avoiding it. So you’ve got to make a decision about what level of security you need and get OK with the potential consequences. Employees likely won’t enjoy tighter security. You may be held liable for stolen data if the security is too loose. You’ve got to pick where you want to fall on that scale, then be able to explain – with good valid reasons – why you made that decision. Cheap justifications won’t work.
That being said, there are a few simple things you can do to create higher security in your organization without completely restricting your employees’ ability to get their job done. Here are 3 simple ones.
1. Enforce ridiculously strong passwords.
Many of us use the exact same password across multiple accounts. In some cases our online banking password matches our data security password, which in turn matches our Facebook password. This practice is terrible. Match that with the fact that most passwords are overly simplistic, and we’re brewing a recipe for trouble. Usually, the passwords are simple to guess or, at the very least, simple to crack via software. Enforce password creation based on the guidelines I’ve written about before. It helps a lot.
2. Pass data through a lightly filtered server or light web filter.
What do I mean by “light”? Get rid of the basics that don’t belong on your office’s computer screens. Blocking adult content and illegal content is generally necessary (except in approved research situations), but in most cases there is no need to block employees from social media, image boards, or other common sites that feature user-generated content. In most cases, your employees will self-filter, but when you attempt to filter that content via “net-nanny” style software, you may accidentally block needed sites. For example, a filter against image boards would lock us out of the stock photo sites we use. Allow the risk of wasted time to avoid the inconvenience of unnecessarily restricted access.
2b. At the same time, heavily monitor the website traffic.
Make sure that what’s going on when your employees visit these sites won’t pose a security or a legal risk. Take a regular assessment of what’s being visited from your office. If you notice an employee doing what they ought not, circumventing security, or generally wasting time at a problematic level, you can catch it and deal with it without restricting anyone else from doing their job. There are tons of options for both servers and local machines that will get the job done.
3. Have an open work space.
This third thing you can do will not restrict creative freedom, nor will it create a feeling of micro-management in the office. Cubicles give a false sense of privacy and tend to constrict creativity. Many employees relate them to miniature prisons. Having an open work space without cubicles or divisions gives a sense of openness to the room. That openness will cause your employees to self-regulate for fear that someone will catch them. There is no need for micro-management. Their coworkers will achieve the same goals. It’s just enough of a lack of privacy to remind your employees that they need to maintain appropriate behavior.
Those three (ok, four) things will definitely allow you to increase your on-site security in a very simple, non-inhibitive way, allowing you to find balance between security and employee production.