Information Security Starts with Your Employees

Apr 27, 2016 | | 10690 |

Information Security Starts with Your Employees

By Kevin Sokolowski

As technologies improve and become a part of every aspect of business, dealerships must continually enhance their information security practices to keep their data — and the data of their employees and customers —secure. Management teams, particularly those dealing with confidential information, need to set the standard for acceptable Information Security practices in their organizations and lead by example. Here’s a guideline for simple, but effective, ways that you can incorporate Information Security practices into your workplace.

Security Awareness Training

Cyber and Information Security often invokes mental images of groups of hackers working to break down the front door of your technology infrastructure. While this type of attack does happen, it is not as common as you may think. Having active defenses is great, but your organization cannot solely rely on them for full protection. Even the strongest, thickest walls are useless if someone invites the enemy in through the front door. This is why providing all employees with security awareness training is one of the most useful practices that companies can employ to improve their overall security. Security awareness training is most effective if employees understand the importance and how it applies to your business. Do your employees know how to recognize the difference between a legitimate email request and a phishing email that is encouraging you to click on a link or attachment? How would an employee handle a phone call from someone requesting confidential customer information? Educated and alert employees help mitigate the risk of a technology and/or physical security breach.

1) Password Management

Passwords are one of the most familiar and routine information security methods. Because passwords are so common, people are often complacent about them. Failure to follow effective password standards can put dealership information systems and resources – or your own personal information – at risk. Keep your passwords confidential at all times, and avoid using the “remember password” feature. Change your password often, and make sure you are changing it to an entirely new password. Working with organizations that value your security is also important. Payworks, CDK Drive’s payroll provider in Canada, enforces strong passwords for users of its application. This means that any time a password is changed, the strength of the user’s new password will be validated. Finally, don’t reuse passwords for multiple applications, and don’t store passwords in a file on your computer or mobile device without encryption.

2) Reduce Paperwork

It can be difficult and sometimes inefficient to eliminate all paper from business processes; however, you should stop printing as much as possible, unless it it’s absolutely necessary. Most vendors, like Payworks, offer self-service functions that allow employees to view their pay statements and year-end forms securely online. Not only is a paperless solution more secure, it’s also environmentally friendly and can be more cost-effective than printing.

3) Evaluate Your Workspace

This last step is a personal one. Questions you should ask yourself include: Do you keep your work out in the open or leave papers on your desk? Does your computer lock after sitting idle? Who has access to your files and desk when you aren’t around? Are there materials that should be locked up? Do you remove paperwork or files from the office? What would happen if something was lost or stolen from you while away from the office? Create your own strategy for maintaining information security at your dealership and stick to it. In the current climate of Information Security, we are all responsible for keeping our data secure. As attacks become more sophisticated, it’s no longer solely an arms race of technology, but of processes and people as well. Data thieves have realized that attempting to exploit technology alone is far less effective than acquiring information from your people, which is why having an alert workforce is key to successfully keeping your data safe. With a comprehensive company security policy and training, you and your employees will be equipped to keep all confidential payroll data and personal information secure.

Guest Author
Kevin Sokolowski
Payworks Vice-President Information Technology

Payworks is a national leader in the field of total workforce management solutions and provides secure online solutions for payroll, human resources, and employee time management to more than 14,000 businesses across Canada. Payworks has been a Canada’s Best Managed Companies winner since 2012, and is proud to be a Gold Standard winner in 2015. For more information, visit payworks.ca

 

Authors: 
Kevin Sokolowski

Comments