When my late son was in preschool, he had a teacher, Mrs. George, who used to tell her students that she would grow hairy teeth if they didn’t obey the class rules. Luckily, she developed a sense of humor toward my son’s regular antics. He was smart but not overly interested in class rules or social engagement.
Don’t worry, I won’t grow hairy teeth…as long as you keep reading today’s tip in honor of National Cybersecurity Awareness Month.
The reason I share this story is because of the “teeth” reference and something I have discovered. Too often organizations adopt what appear to be good policies on access, authentication, data retention and the like – even if they are just revisions of Internet camera ready templates – and then consider their work done. The policies may be reviewed once a year before an audit, but they aren’t viewed as living documents with consequences.
My point is this…Having an acceptable use policy, for example, is a good thing, but having one that has teeth – that is enforceable and is enforced – is better. If you aren’t willing to terminate an employee for accessing social media sites for a couple of hours each day – the consequence spelled out in a policy – is the policy an effective deterrent? (I’ll save the discussion of how this affects employee morale, productivity and the bottom line for another day.)
Today’s tip is to review your organization’s policies that address cybersecurity. Are they well written, clear in their expectations and enforceable? Then ask yourself, when was the last time an employee violation took place? How was the situation handled? Did you comply with the policy? If your organization doesn’t have any policies, then today is the day to add that to your to-do list.