People are often seen as the weakest link in a business’s security defences, but employee value and potential is largely overlooked. End-users can in fact be valuable assets, helping to protect your business and improve security measures through their knowledge and feedback.
Photo Credit: Pixabay
Security procedures should not ignore the user’s needs but rather embrace them to enable the business to run more smoothly.
In this guide, Syntax IT Support London give you some ways to take your supposed ‘weakest link’ and turn it into your strongest.
1] Change password policies
We have been under the impression for too long that a strong password can prevent all security breaches. Strong passwords are good, yes, and keeping passwords private should still be encouraged, but increasingly complex password policies are not as helpful as we might think.
Forcing users to create several long, complex passwords and expecting them to remember these without ever noting them down is unreasonable.
It’s even more unfair to then expect users to change these passwords regularly and keep track of which gives them access to each account.
We have come to believe that this is good practice, but there is actually no evidence to suggest that changing passwords regularly keeps businesses secure. More focus should be placed on putting technical defences in place, so that security is less dependent upon users.
Passwords should only be used when they are really needed, and technical solutions should be utilised to allow users to record and store complex passwords when necessary.
As long as employees are steered away from using the same passwords at home and in the workplace, and know not to use the most predictable ones, businesses can be kept secure. Companies need to put less pressure on their workforce and make password management easier for employees.
2] Listen to the end-user
Some security practices in business do not work simply because they cannot be carried out by the end-user. When security gets in the way of employees doing their jobs, there is a problem, and staff shouldn’t be blamed for trying to work around security when they are just trying to get their work done.
In order to rethink security strategies and make them efficient as well as successful, security teams should take on board the end user’s feedback and work to provide solutions to any problems they might be facing.
The only way security can improve is if people stop being treated as the problem, and start being seen as a solution.
3] Stop punishing people for their mistakes
Too often businesses instruct employees to follow security policies that are impossible to effectively follow, and punish them when they inevitably make mistakes.
If people are continuously making the same errors, it is the policy that is the problem. Punishing employees does not solve security issues but makes them less willing to learn as they are hurt and led to believe that any mistake is entirely their own fault.
We need to stop expecting everyone to follow policies that are too complex and find other ways to protect our businesses.
It is time we put less pressure on our employees and stop expecting them to be perfect users. After all, being human means all of us make mistakes from time to time.
Security strategies must be altered to make employees’ lives easier and ease frustration, allowing them to do their jobs without security measures preventing them from doing so.
By listening to people and realising their potential rather than considering them to be our incapable ‘weakest link’, security policies can improve and boost productivity as well as protection.
