Fostering a security-conscious company culture

Jan 21st, 2014 / Category: Managed File Transfer

From Target's data breach to Edward Snowden's NSA revelations, data security is rightly a top concern in 2014. Corporate data often includes confidential customer information, company-produced knowledge, business leads and industry insights. To protect this valuable information, managers need to implement cybersecurity measures, such as secure file sharing processes, and they need to develop a corporate culture that prioritizes and respects security at all levels.

Creating a secure workplace
The foundation of a security-conscious company is its data infrastructure. Businesses should evaluate how and why employees need to access and share data. As it becomes more commonplace for workers to use their own devices for work purposes, programs and processes must be put in place that enable employees to securely access and share data as needed, and dissuades them from using non-approved processes, such as Google Drive or Dropbox. 

There are a number of options that businesses can use to foster collaboration and support remote working without leaving their data vulnerable to cyberattacks. For example, wide area file services (WAFS) enable employees to update and share information from anywhere. By locking in-use files, the service prevents employees from writing over each other's edits, and the option to work offline and then sync files facilitates productivity in less connected areas.

Security infrastructure must be well-designed, easy to use and be bolstered by clear company policies to ensure compliance. Where confidentiality and data protection are essential, businesses should develop strong legal protections and incentives, Global News suggested. Corporate leaders can work with their lawyers to add incentives that dissuade employees from departing to a competitor or issue penalties aimed at competitors that knowingly hire an employee in defiance of non-compete clauses in contracts, the source explained.  

Training employees leads to better practice
To improve the efficacy of secure file sharing and managed file transfer services, IT professionals and managers should train employees on best practices (such as password creation), on forbidden behavior and on the features of the program. According to an InsightExpress study, employees frequently put company data at risk by engaging in bad behavior such as accessing personal email from business computers, bypassing IT security settings, sharing work devices with non-employees and transferring files between work and personal computers without security guards. Blocking these behaviors and providing safe alternatives, like WAFS, can make a security strategy more effective. 

Comprehensive security policies and training can also help keep employees on board. The InsightExpress report emphasized that workers should see how security breaches will damage the company, and by extension, their careers, and they should receive instruction for programs and processes that protect data.

To make training sessions more effective, security should be a component of company culture and a visible aspect of corporate interactions. For example, day-to-day business activities should clearly adhere to the company's security code of conduct, the report suggested. Clear guidelines for treating data as sensitive or highly sensitive can also help to focus attention where it's most needed.

Protecting data when employees leave
Secure file sharing services are an effective way to prevent workers from accidentally exposing data. However, businesses also need to plan for employee turnover. According to Smart Business, employees often take intellectual data or customer leads with them, sometimes with bad intentions. Additionally, with BYOD on the rise, the lines between personal and work time are sometimes blurred, causing employees to view company data as their own.

Solutions like managed file transfer systems can help keep clear boundaries between work and personal resources without limiting accessibility. In addition to facilitating data transfers in a controlled environment, companies can take a number of steps to reduce the possibility of data loss: They can restrict access to data before an employee is let go and take steps to end a former employee's access to company networks immediately.