There's nothing worse than a perfectly normal workday being interrupted by the stark, frightening realization that your office is at serious risk of a data breach – or worse, that it's currently undergoing one. While IT may set security protocol and policies, everyday security management often falls under the responsibility of the office manager. Here are six tips to identify potential security risks and prevent breaches before they happen.
1. Educate During Onboarding
Let new employees know that you're serious about security management during their very first day of orientation. This is your initial chance to review any security policies and reinforce any best practices you expect your team to follow from that point forward.
However, education can't stop after the employee's first days. Schedule regular trainings in your company calendar to review best practices, such as password management and internet safety, and require staff to attend. Also, maintaining a list of unauthorized software and websites that your staff always has access to is paramount. If new websites or programs get added to the list, send out a companywide notice to update staff.
2. Order Company-Approved Hardware
If you're responsible for ordering computers and other hardware, make sure the products you're purchasing come off the list of approved devices. If your company doesn't have such a list, work with your IT department to identify proper choices. Your new employees will need devices to help them complete their work, so order early to ensure you have everything you need on time.
3. Enforce Password Best Practices
A password management system will automate the process for you, but if investing in one isn't in the budget right now, you can still create systems to remind your staff to update their passwords. Set automated emails with these notices every 30 to 60 days — and tell your staff that this means all passwords, not just the main login screen for their computers. Request that employees in your office respond back to you, confirming all passwords have been updated within 24 hours.
4. Keep Software and Hardware Up to Date
Hardware is also important to keep current, but what do you do with your old laptops, printers, tablets and other devices after they've served their term? If you find yourself recycling hardware, make sure all data has been removed before you retire any device. A clear policy on how to wipe data from a computer protects privileged information about the company, employees' personal data and potential confidential client notes from falling into the wrong hands.
5. Determine Access Roles
Security management starts with setting tech policies, but you can ensure employees aren't accessing information they shouldn't be by limiting their digital reach.
Human error accounts for 62 percent of data breaches, according to Egress, and something as simple as an easy-to-guess password or clicking on a phishing link opens your organization up to massive security risks. Access roles will help limit the information your staff could accidentally leak. As an office manager, you can keep an organization chart of who should have access to which files and folders, and update it as necessary for senior management and the IT department.
6. Terminate Access When Employees Leave
Internal threats can turn into external threats when employees are fired or leave a position feeling unsatisfied. Make it a priority to contact IT as soon as employment ceases to remove a former employee's access to anything on your network. Similarly, initiate a quarterly sweep of your system to terminate any accounts of former staff who slipped through the cracks.
Cybersecurity can seem like a daunting task, but working in conjunction with your colleagues in the IT department can bolster efforts to keep the company's data safe and increase your visibility as a go-to resource in the office.