IT security can make or break a business. Staying protected is becoming ever tougher and more urgent as workforces increasingly go off-premises, expanding layoffs expose companies to meddling of disgruntled former employees, and state-of-the-art policies are only sporadically enforced.

Thousands of companies have already gone broke over external and internal security breaches. In the area of remote workforces, security challenges are especially daunting. While working off-premises poses obvious security issues, too often they receive little or no attention.

Of course, security fixes can require costly hardware and software, as well as expensive implementation expertise. So, key to success is design and implementation of state-of-the-art IT security on a budget—being mindful of dedicating limited resources to top-line priorities first. In this way, companies can avoid trying to “eat the elephant in one bite,” which is a surefire path to frustration and failure.

An April 2009 survey report posted on FoxBusiness.com points out, “Amid tightening budgets and streamlining operations, most companies are still relying on antiquated security procedures that don't take the actuality of widespread corporate layoffs, or the realities of a more virtual workforce into account.

“According to a new survey of U.S. security industry professionals, 14 percent of former company employees still have access to proprietary data and organizational information, revealing critical deficiencies of corporate security policies.”

Key survey findings were:

1. While 90 percent of companies now employ off-premises workers, they continue to “use basic passwords and new employee set-up policies that make it easy to introduce vulnerabilities.”
2. Even though three-quarters of respondents have policies for such basic functions as periodic password changing, only 20% offer an automated password update function that forces employees to change it—heightening security risks.
3. Simplistic security practices around new-employee access make it easy to intrude. More than 90 percent of those surveyed reported that there is a standard format for such critical functions as email address and password setup—making it easy to intrude upon a new co-worker’s access to critical company resources.

Compounding the problem is comprehensive security policy unmatched by diligent practice. Put another way, too often solid regulations are unenforced, leading to security chaos.

A February 2009 report posted on the British Computer Society website points out, “Recent studies have shown that most employees, including IT staff, are often unaware of corporate security directives or even tend to ignore them... while most security administrators have the best of intentions, manual policy analysis and periodical audits is neither efficient nor effective.”

The preferred solution is to automate security processes. The article notes that a good solution will:

1. “Continuously monitor firewall and other security device changes, compare them to the corporate security policy, and send out alerts if the policy has been violated.
2. “Track and report all changes in a uniform, simple and straightforward style.
3. “Provide a vendor-neutral, top-down view of all security infrastructure that an executive can understand.
4. “Enable security administrators to test a change against security policy before it is implemented, to assess and avoid risk.”

As real security threats mount, and pressure to combat them becomes even more pervasive (e.g., increased regulatory compliance scrutiny), the time is now to get and stay on top of this critical area. Our Business Leaders Webinar series continues with Network Security from 12:00 – 1:00 on Wednesday, May 27. We will address emerging threats and recovery costs, how compliance issues are driving security measures, and mitigation strategies and tactics. Solutions will look at priority-setting, real world options to build a secure system with limited resources, key areas that can be outsourced, and intelligent security implementation.

To register for this free webinar, click here.