Many of my Indianapolis small business computer support customers ask me what additional things they can do to ensure their data security. They all have the expected firewall, anti-virus software, anti-phishing software, and password protection in place. Most have tightened their password policy to require more difficult passwords and periodic changes. So, when they ask what else they can do, my response is usually to tell them they need to train their staffs on the importance of information technology security.

I mentioned in a previous post that an incredibly large number of people in a random survey admitted to have visited pornographic sites while at work in the previous 30 days. Now a new survey reveals that about half of people say their corporate data security policies are largely ignored. Nearly half admitted to have shared their password with another employee or contractor, and twenty percent have turned off their anti-virus or firewall.

Add to that the increase in power of mobile devices and things get even scarier. How many of your staff members have a complete list of all of your corporate contacts in their cell phones? Do you even know for sure? What about those who transport corporate documents by copying them to a USB flash drive? Is anything ever encrypted?

Nothing your computer consultants do can prevent things like password sharing. We can create rules that prevent some of the other abuses, but in the end, you and your staff are the weakest link. If everyone in your organization doesn't follow the guidelines in your Acceptable Use and other Network Services policies (or if you don't even have them), your data and network resources will remain at risk.

In the end, if someone wants to get your corporate data specifically, you can't do much to prevent it. However, you should take the steps to ensure you've done the common things that prevent data loss or resource compromise. Your network consulting company can offer some guidance.