Posted by: David Scott
I was speaking with a colleague and friend yesterday. He’s just left an organization in the outlying Washington, DC Metro area for a larger one directly downtown.
My friend is about as savvy as they come regarding computer use, online peril, and so-called netiquette. But surprisingly, he doesn’t know what the Acceptable Use policy is at his new organization, or if they even have one.
He did know the situation at his former place of business: They most definitely didn’t have one. The place was a mess in terms of Content Management, Acceptable Use, Security, and other formalizations, expectations, and just simple courtesies of informing workers about standards, adherence, and expectations.
But this new place is supposedly a little more refined, larger, has a bit of longevity, and certainly should know better than to be remiss about standard policies – to say nothing of prudently surveying for budding challenges, considering them in a timely way, and establishing and evolving policies to match.
I don’t know about you, but I like knowing what’s allowed, and what’s not, and I like remaining squarely within best practices and operational principles in not only leveraging systems and access to best business outcomes, but also leveraging that for best protections. Call it general business surety.
The overwhelming majority of people (at least in this readership) want to do the right thing. People are interested in:
1. Remaining outside the sphere of trouble.
2. Upholding and bolstering their organization’s reputation through solid contributions and deliveries.
3. Remaining within safe and sure business, and allied technical operations.
Organizations, for their part, must perform due diligence for states of security – inside and out – and keep policies up to date. Any workforce is entitled to know its organization’s stance regarding threats and protections, and how those relate to the organization’s vulnerabilities. Workers then must be made aware of the subsequent bouquet of policies, procedures, schedule of training, and pro-active notifications – all in service of thwarting threats.
Businesses should have their IT department survey what other organizations are doing: orgs of similar size to yours; in your market; in your geographic area. It’s a start. Begin to determine what low-cost/no-cost protections can be mounted inside, by instituting appropriate behaviors and practices. Then, forecast (budget) what protections need to be mounted through the help of solutions-providers… vendors.
If you don’t have budget presently, at least get the markers on a 5-year plan or something similar. Whether you’re on the “business” side or “IT” side of the equation, you can also write tangential position papers regarding the future’s streaming challenges, with matching answers to them.
But whatever you do – don’t remain vulnerable. Be fully informed, reasoned, and straightforward in making any gaps and concerns known.
On this day (Sep. 1st): In 1858, the first transatlantic cable failed after less than one month. If at first you don’t succeed…