Posts Tagged ‘IT policy’

By Joe Schembri

We all know that having remote access is a good idea in today’s mobile work environment, but too often organizations overlook the importance of creating a policy around remote access. Rather, it’s assumed that employees will take proper precautions and not create a security nightmare for IT. Unfortunately, this seldom works, especially because in the rush to meet deadlines, employees often put their work priorities ahead of security. Developing a remote access security policy is the best way to make sure that both convenience and security needs are met.

Having security policies in place will help IT professionals carefully integrate personal and company equipment and know which employees can take advantage of remote access and which cannot. For instance, workers who need access to medical or educational records may not be eligible to access data remotely due to federal laws about protecting the information they need. Other workers, especially those who are part of a dispersed team, may need access. In each of these cases, IT professionals need to diligently create, plan and maintain IT security standards and systems.

Realistically, workers want to have access to their work wherever they are and want to be able to connect through their own personal equipment at times – whether that is a smartphone or an iPad. For IT professionals, making sure that security keeps pace with the explosive growth of remote device access can be a challenge. While every worker wants to be able to quickly log in remotely and access their data, the reality is that the easier it is for them to log in, the easier it is for hackers to intercept the login and cause havoc for the company. Ultimately, the best way to guard against this is with a formalized policy.

Next time, stay tuned for a complete checklist of remote access must-haves.

Joe Schembri has over 10 years of IT and IT security experience and currently works with Villanova University’s online IT security training programs, including the CISSP certification prep program.


Of course, among the many reasons that businesses love BYOD is that, in theory, having employees bring their own devices should cut back on costs. But the truth is, BYOD isn’t necessarily a cost-efficient policy and, in some cases, even calls for additional investments.

So why is that? BYOD requires significant operational coordination between departments, ranging from IT to HR. This also requires many hours of overhead to configure VPNs and ensure secure installations. IT also then needs to take steps to ensure that company data and access to the network are not spread out over too many consumer devices. And of course, when employees depart an organization, IT must make sure their personal devices are scrubbed of sensitive information and their tunnel into the network is sealed.

This is why, particularly for companies with high-risk profiles, CIOs should consider investing in company-owned mobile devices for employee issuance. Doing so would allow for greater oversight of the entire network and ensure higher security.

What are your thoughts – does BYOD, sometimes, cause more problems than it solves?



InformationWeek, 5 Mobile Security Issues to Watch
SC Magazine, Sophistication and the downfall of security
The Wall Street Journal, What’s a Company’s Biggest Security Risk? You.
eSecurity Planet, IPv6 Will Cause Some Security Headaches

You know the scenario: you implement your organization’s security policy, and then within minutes you can hear employees groaning and mumbling about IT. According to a new survey, employees don’t just complain to each other – they are now complaining directly to IT.

Four in 10 CIOs interviewed for the Robert Half Technology survey said that it’s at least “somewhat common for employees to complain about security measures that limit which websites or networks they can visit at the office.”

IT professionals have long grappled with being the organization’s “bad guys,” limiting access and denying service to frustrated employees. To dodge outright mutiny, IT professionals can help employees better understand why we have to restrict and monitor what they do. To do this, we’ve turned the survey’s suggestions for employees confronting IT administrators on their head to make a list for IT professionals.

  • Be Open to Questions. Nobody likes to be told policies exist “just because.” If an employee wants to know why a certain site or network is restricted, tell them why. And if they’re not super tech-savvy, do so in layman’s terms. The answer can be simple, but fostering this dialogue will make employees more comfortable with restrictions.
  • Listen to Business Cases. IT professionals are sometimes so far removed from the rest of the organization that they don’t understand why blocking certain sites and networks is detrimental to business. When employees are making legitimate business cases to change the IT policy, listen. We’ve heard stories of IT departments blocking social media channels at news organizations, leaving reporters scrambling on their mobile devices to catch up on breaking news stories.
  • Explain Your Role. Let employees know that your job isn’t to deny them access to “fun” sites; it’s to protect the organization’s security. The better they understand your role, the more the policies will make sense.
  • Be Flexible. When possible, work with the employees. For example, set up one computer in the office that isn’t restricted so employees can occasionally access restricted sites. Compromises like this go a long way in helping employees make peace with IT security policies.