Do you abide by your company’s IT policy faithfully or are you your IT department’s worst nightmare? If you are like most employees, you fall somewhere between these extremes, but still could unintentionally be putting yourself and your company at risk. Jefferson Wells, a global provider of professional services including technology risk management, researched the top 10 activities that keep IT managers up at night and developed a process to rank the best and worst offenders.
“Most companies only have a small handful of employees who go out of their way to find new, creative ways to get around IT policies,” said Karl Kispert, solutions director of technology risk management for Jefferson Wells. “Sometimes the bigger problem can be employees who unintentionally break policies without thinking about the consequence of their actions. For example, they may think it is good to take their laptop home to do extra work, but if it is stolen without being properly encrypted, valuable company information could fall into the wrong hands.”
After an in-depth analysis of what is keeping IT managers up at night, and having performed more than 500 technology risk assessments for its clients, Jefferson Wells developed the following quiz. Based on the number of “Yes” answers, employees can see where they rank in the scale of IT risk.
ARE YOU YOUR IT DEPARTMENT’S WORST NIGHTMARE?
1. Do you take your laptop out of the office even though it’s not encrypted?
2. Do you take sensitive company information home on a flash drive?
3. Do you use your work e-mail address on blogging and social networking sites?
4. Do you access your personal e-mail on your work smart phone or PDA?
5. Do you plug in unapproved wireless equipment to your work network?
6. Do you install rogue applications to your work computer?
7. Do you have your passwords taped on your computer or monitor?
8. Do you open e-mail from unknown recipients?
9. Do you forward e-mail with off-color jokes or images to co-workers?
10. Do you continuously e-mail large data files that could bog down your company’s bandwidth?
IT Risk Level: Based on the number of “Yes” responses, you could be putting yourself and your company at risk.
- 0: You are an IT manager’s dream come true. Your IT department thanks you for your compliance.
- 1 to 3: You are most likely an unintentional violator. It’s a good idea to review your company’s IT policy to make sure you are staying within its limits.
- 4 to 7: You are a frequent violator. Consider meeting with your IT department or compliance officer to see if you can accomplish your goals without increasing the company’s vulnerability and exposure.
- 8 to 10: You are a chronic violator and your IT department probably has you on speed dial. Set up an appointment with them immediately to address these issues.
Companies often spend thousands of dollars to build high-tech secure environments to protect proprietary information from outside hackers, yet many neglect to monitor the information that walks out their doors every night with their employees. Laptops, flash drives and smartphones all increase a company’s vulnerability to fraud. But Kispert says if IT managers have acceptable use policies in place, a proactive awareness program, and if they conduct regular technology risk assessments, they could sleep more soundly at night.
There are also a few things employees can do to help lower a company’s vulnerability to fraud. Jefferson Wells offers the following tips for employees:
- Encrypt your data: If you work with sensitive information that you do not want to fall into the hands of your competitors, make sure you either encrypt or remove those files from your laptop or flash drive before you take them out of the office.
- Get a personal e-mail account: Use your Yahoo or Hotmail e-mail account when accessing social networking sites.
- Protect your password: Create a complex password that incorporates upper and lowercase letters and numbers, and commit it to memory.
- Think before you click: Be careful about opening e-mail from unknown sources and always think twice before forwarding potentially offensive content to coworkers, viruses give everyone a headache.
As technology continues to advance, company policies governing its use continue to become increasingly strict. Companies struggle in the tug-of-war between giving employees the freedom they need to do their jobs and the restrictive policies that will help protect the company from fraud and theft. Kispert says that increasing awareness of risky IT behavior should help employees and IT departments work together to create stronger companies with lower IT vulnerabilities.
About Jefferson Wells
Jefferson Wells is a global provider of professional services in the areas of risk, controls, compliance and financial process improvement. The firm specializes in internal audit, technology risk management, tax, and accounting and finance. The firm serves clients including Fortune 500 and Global 1000 companies, through highly experienced, salaried professionals working from more than 50 offices worldwide.
Jefferson Wells is an independently operating, wholly owned subsidiary of Manpower Inc. (NYSE: MAN). www.jeffersonwells.com.
Contacts:
Media Contact
Colleen
Grams
262-938-5407
cgrams@bader-rutter.com
