From Ministers losing laptops to hackers bringing down Steam I.T. security is a well covered topic in the media and most businesses and individuals have secured their IT infrastructure with anti-virus software and back up’s. What many businesses miss is the human weakness in their network.  Individuals are of course fallible but as always with HR, robust policies and guidance minimises your risk. In conjunction with Kevin Ackland of Systems and Solutions Ltd we have identified four main areas of weakness in wetware (that’s humans using the network).

Malicious Websites

Malicious websites are websites which intentionally or unintentionally host malicious code on them or masquerade as another site in an attempt to trick you into revealing information. In general good internet security and firewall software will allow you to avoid any serious breach, however you should always be sure to make it very clear to your employees what is and isn’t acceptable behaviour with regards to using the internet at work.

Infected devices

A new device already infected with a virus being introduced to the network is one of the most common ways that your IT network security can be breached. Any device introduced to any machine on the network brings with it the possibility of infection, the most obvious is employees plugging in USB pens, however increasingly mobile phones are also being used by viruses. There are a few ways to protect against this kind of threat:

Setting all you computers so that they don’t ‘autorun’ new devices.

Ensuring employees who do need to use USB pens etc do so with company owned devices which are regularly virus checked.

And, of course, ensuring all your employees are aware of the dangers and policies you have in place.

Loss of a Device

This one is horrible from both an IT and HR standpoint. If your employees use devices that they remove from the premises there is always a chance of loss, whether it’s a usb pen or a laptop the result can be appalling. Apart from the obvious of banning removal of any device there is really no way to protect against a loss. What you can do however is be prepared to deal with one.

From an IT standpoint you should password protect and encrypt all your devices. You may also choose to install software which upon loss would allow you to remotely access the device and delete the hard drives.

HR’s main aim in a situation like this is to provide the business with a means to recoup the loss from the employee IF a device is lost negligently or maliciously.

Disposal of old equipment

Disposal of old equipment only poses a threat when done incorrectly. Whether you offer the devices to your employees or dispose of them through recycling/destruction you should ALWAYS ensure the devices are thoroughly wiped of all sensitive data through a professional service. Simply deleting any information or even formatting the hard drive does not make the data inaccessible. If selling old equipment to employees you should be aware that you are the bound by the sale of goods act, whether selling or gifting the equipment there may be tax implications depending on the employee’s status and companies may be required to PAT test any equipment. There are also issues around responsibility should the equipment malfunction, particularly in case of malfunction leading to fire.  As always your employees should be aware of your policies in this area to avoid conflict.

Ultimately, in our opinion, the risk and potential expense of ensuring the devices are in a fit state to be sold and maintained far outweighs the potential benefit.