The fact is this: IT isn't safe from budget cuts – but that doesn't mean that the risks and dangers that existed when you had a full team are likewise going to be cut in half. Are you prepared to do more with less? Have you considered how to handle a full complement of IT risks when you have less than a full complement of IT staff? This post by Chris Stoneff focuses on how small to mid-sized organizations can maintain a high level of security. His high-level tips include:
- Make sure users are doing upgrades regularly
- Educate users
- Make IT and the help desk paranoid about the network
- Manage passwords more effectively
Each of these high-level tips is broken down to provide actionable items. Take for example the education of users – something that can not only cut down on help desk calls and expenses, but also create a front-line force to help secure the company's technology:
3. Educating users about:
- Opening email from hostile entities. Cover phishing, spear phishing, attachments, etc.
- Social engineering – so that access is not granted to those with a silver tongue
- Going to “interesting web sites” and downloading “fun” content that’s actually hostile malware
- Bringing in their own USB sticks or phones, and inserting these devices into their machines and potentially infecting the network
- Letting other people, such as family members, use company notebooks at home to surf the web or access email
- Key loggers – what they are, why they’re a threat, etc.
IT not getting its regular, expected budget doesn't mean that it needs to sacrifice good security practices. A cut budget, while not the preferred situation, can lead to an expansion of innovation, user involvement, and optimization.