Don’t Try to Do This Alone
“Perfect” security simply doesn’t exist; remember—security is a process, not a destination. No system or set of procedures that relies on people or mechanical devices is beyond penetration or error. As they say at Homeland Security, “The bad guys just need to be lucky one time; we have to be lucky 100 percent of the time.” You need to enroll all of your coworkers in the “doing the right thing” philosophy of the Ethical Office.
Kathy Sorrell, CPS, of Growing Family, Inc. in St. Louis, Missouri, stresses the importance of establishing a security policy and then communicating it to all employees:
If you don’t already have a company policy regarding security, make it a number one priority. The policy should detail specific issues and consequences in the case of violations. Have a statement available that every employee must read, sign, and file with HR to ensure that you’ve communicated the policy clearly.
To get your coworkers involved, you’ll need to find a balance between security needs versus user convenience. If security measures are too complicated or time consuming, people tend to ignore or circumvent them. We’ve all heard of situations where the crime occurred when the security system wasn’t turned on, doors that should have been locked were propped open or the safe wasn’t closed. Walk into many offices and you will find the passwords posted on little yellow sticky notes attached to computers and keys under the mouse pad!
You cannot overcommunicate ...
Get You've Got to Be Kidding!: How to Keep Your Job Without Losing Your Integrity now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
