To continue our series on how to rethink remote access policy, IT expert David Pearlstein shares his opinion on why adapting the policy can be difficult and how everyone in an organization can get on board. David is the Principal at DLP Consulting.
I think if you can provide information security training to ALL levels of management to show what would happen to the company if the security was compromised, that would go a long way to convincing people that a policy is needed.
Certainly your legal department should be behind you on this since they have a vested interest in keeping the company’s data from being compromised.
The C-level management should understand in dollars and cents what it would mean to their bottom line if the data were to be compromised.
Then there are the regulatory issues related to information security (i.e. SOX) that may also drive acceptance of stricter policies.
Get some facts together. This has to be adopted from the top down to be effective.