Learn It 17.4.2: Issues in Information Technology

Preventing Cybersecurity Problems

Security plans should have the support of top management, followed by procedures to implement the security policies. Because IT is a dynamic field with ongoing changes to equipment and processes, it’s important to review security policies often. Some security policies can be handled automatically by technical measures, whereas others are administrative policies that rely on humans to carry them out. An example of an administrative policy is “Users must change their passwords every 90 days.”

Preventing costly problems can be as simple as regularly backing up applications and data. Companies should have systems in place that automatically back up the company’s data every day and store copies of the backups off-site. In addition, employees should back up their own work regularly. Another good policy is to maintain a complete and current database of all IT hardware, software, and user details to make it easier to manage software licenses and updates and diagnose problems. In many cases, IT staff can use remote access technology to automatically monitor and fix problems, as well as update applications and services.

Human Vulnerability

Companies should never overlook the human factor in the security equation. One of the most common ways that outsiders get into company systems is by posing as an employee, first getting the staffer’s full name and username from an e-mail message and then calling the help desk to ask for a forgotten password. Crooks can also get passwords by viewing them on notes attached to a desk or computer monitor, or by using machines that employees leave logged on when they leave their desks. Employees also create risk when they leave laptop computers with sensitive information unsecured in public places.

Portable Devices

Portable devices, from handheld computers to tiny plug-and-play flash drives and other storage devices (including mobile phones), pose security risks as well. They are often used to store sensitive data such as passwords, bank details, and calendars. Mobile devices can spread viruses when users download virus-infected documents to their company computers.

Your Work Communications Are Not Private

Typically, emails sent from a company email account are not considered private. Employers may monitor these communications. Pay attention to whether your organization has a handbook or policy informing employees that use of company resources is for business purposes only.

To ensure that your private, personal communications are kept private, be sure to use your own devices and your personal accounts if you need to access your personal electronic communications while you are at work.[1]

 


  1. Guerin, Lisa. “Email Monitoring: Can Your Employer Read Your Messages?” Nolo. Accessed May 22, 2023. https://www.nolo.com/legal-encyclopedia/email-monitoring-can-employer-read-30088.html.