Story image

ICT safety & security

01 Nov 10

Like schools and home, businesses and community organisations need to establish safe internet environments. Every organisation that uses basic tools like the internet and mobile phones needs to have a robust cybersafety framework in place. If your employees accidentally come across inappropriate material in the workplace or are aware of a breach in ICT security, do they know what to do? Do they even know what counts as a breach? Who should they tell about it?
Breaches can happen in any number of ways.  People can accidentally compromise ICT security.  Employees can unwittingly aid cyber criminals to reach your networks by bringing in their personal IT equipment which could be infected with malware. Having a policy in place for your employees ensures everyone is using their ICT equipment for the benefit of the company, and that the inevitable risks are minimised.
What is a breach?
A breach in ICT safety and security is any technology-based event that might damage your company. It might be as simple as employees wasting time surfing the net, or as complex as the theft of sensitive data through malware. 
Malware has evolved from the self-reproducing viruses made to crash computers in the ‘80s, into the highly technical tools used by gangs of cyber criminals to steal passwords, credit card details and identities of today. 
With appropriate internet security systems and policies, employers can avoid malware affecting their networks.
Malware can be brought into company networks with employees’ personal IT equipment – laptops that are used both at home and at work, USB sticks and mp3 players, email attachments and social networking websites. Recent research suggests that three-quarters of data breaches are generated by internal sources. 
What’s the threat?
It could be argued that staff members are a bigger threat to company IT networks than cyber criminals. On top of access to passwords and administrator privileges, employees usually know what is worth looking for and sharing with competitors. By making sure your networks are secure and ensuring all your employees have an understanding of ICT policies and procedures, you are lessening the chances of a data security breach both internally and externally.
What should SMEs do?
First and foremost, having an IT policy is recommended by all internet security experts. The Whatsit? is a useful guide to creating your own personalised policy. As with other safety policies and procedures, such a document can help protect your staff and your clients from harm.
Companies from a two-person start-up to big corporations with IT departments should all have IT security policies in place. This will assist in helping staff identify security breaches and understand what to do when they come across one. Any ICT safety or security breaches should be reported and recorded; this is essential in tracing the source of the breach and ensuring it won’t be repeated.  Keeping a cyber security log in the same way that first aid reports are kept is an easy way of tracking ICT security issues.
There are two main aspects to implementing an effective cybersafety framework:

  • Establishing a safe internet workplace environment for your employees

  • Educating staff about their role in the maintenance of a safe cyber environment.

An IT policy should be specific to your organisation’s requirements.
Resources – a toolkit to help employers create an IT policy specific to their organisation’s requirement. It defines obligations, responsibilities, and the nature of possible consequences associated with breaches and behaviour deemed to undermine the safety and professionalism of the work environment. There are units for staff to complete, and you can create your own IT policy for staff to sign. – a cybercrime-fighting website designed to streamline all of New Zealand’s cybercrime complaints and then direct them to the responsible agency. 

Three ways to improve mental health support in the workplace
“Instead of scrambling into action after a crisis, employers need to be more proactive in supporting employees."
Samsung joins a global league of AI experts
“As a member of the PAI, Samsung will strive to facilitate the ongoing progress of artificial intelligence.”
The quid pro quo in the IoT age
Consumer consciousness around data privacy, security and stewardship has increased tenfold in recent years, forcing businesses to make customer privacy a business imperative.
Kordia launches Women in Tech scholarship at the University of Waikato
The scholarship is established to acknowledge and support up-and-coming female talent and future technology leaders.
Mastercard opens Global Tech Hub in Sydney
"Enterprises, SMEs or startups are now able to bypass legacy approaches and develop innovation at an accelerated pace."
Kiwis concerned about being scammed – survey
This unease is warranted given the growing sophistication of scammers and their activities, and numbers of attempted fraud.
With a mighty roar, Rocket Lab blasts off to space
Success! It definitely was business time for Rocket Lab yesterday as its Electron launch vehicle blasted off from the Māhia Peninsula yesterday (November 11).
Commercial drones will only take off if safety is paramount
New Zealand’s commercial drone services could be ready within the next two years, but only if enough research is done to make certain that the public is safe.