Mar 16 2009

Make Security Training a Priority

An IT manager says the best security defense is a staff of trained employees.

Security is quite possibly the most important consideration in the day-to-day operation of an IT department. To protect a very valuable asset — your data — there are many options for locking down systems of employees who travel, such as smart cards. But that will protect the notebook from thieves, not from your employees. To protect your employees from themselves, training them to understand their responsibilities is the best defense.

Smart cards have been around for quite a while. They are used by the U.S. military and various branches of government, and we’re now seeing increased usage in the private sector. My company has successfully implemented smart cards to protect our notebook computers.

A smart card looks like a credit card, but it carries a microprocessor and memory chip. At my company, we register the smart card to a notebook and an end-user. When an end-user boots up the computer, the card secures the operating system and data. If the user name and password stored on the card match the PC, access is granted. Without the card, the notebook becomes a paperweight.

Back Ups: Who’s in Charge?

What happens when a computer experiences a fatal error? I can’t count the number of times that a hard drive has crashed and the user had no clue who was in charge of the backup and recovery process. No one ever expects a disaster, but they do occur, so it’s important to be smart from the start. Whether your employees use an external drive, a network drive or an external backup service, teach them what to back up and how (and how often) to do it.

Do you have desktops and notebooks that need to have data saved to another location? Do you allow your employees to save data to their local hard drives? If you answered yes to either of these questions, you might have a problem.

If your company does not deploy Active Directory domains, Group Policies, network drive mappings or default system settings to save data to a backup location, then end-user training is critical.

Inform employees that the IT department is not responsible for backing up data on local drives. Usually, end users don’t get this until they lose something important. Unfortunately, few if any employees think about protecting their data, and those who do think it’s someone else’s job.

Implementing a data backup plan before it becomes an issue is your best route. Educate your end users on the how, when and why of data backup, even if it seems elementary to you. They will thank you when there is a hardware failure and you, by preparing them, will have ensured that they are up and running as soon as possible, and not spending countless hours trying to recreate lost data.

Martin Hauser is an infrastructure manager at 4C Solutions in East Moline, Ill.