MAKING IT SECURE IN THE FINANCE DEPARTMENT – WHY EMPLOYEE EDUCATION IS ESSENTIAL

Neil Bramley, B2B PC Business Unit Director, Toshiba Europe

Neil Bramley
Neil Bramley

CIOs today are confronted with an ever-evolving IT landscape, which brings opportunity and risk in equal measure. For every new device which enables enhanced productivity and the ability to work from anywhere, there is also one more potential security loophole within the business. Managing this balance between embracing workflow-enhancing innovations and ensuring strong security defenses is crucial, and so companies look to the senior IT team to help workers safely transition to new technologies and devices which can help them maintain a competitive edge.

While maximising both productivity and security hand-in-hand is a tricky objective, it is still the end goal and expectation many companies place on their CIO. The challenge is that behind every device there is a user, a user who is often the weakest link – even in the most secure IT infrastructure.

CIOs by definition tend to work within established companies with hundreds or thousands of employees, based across a multitude of departments and often over several regions. All staff have different technological requirements, and this is especially the case when it comes to security. Managing all of these staff is a daily challenge for IT departments, and IT education should be a central part of any strategy. But should they be focusing more on certain departments than others?

A Toshiba survey of senior IT decision makers across Europe found that finance staff are among the most likely to ignore any regulations put in place when it comes to using IT solutions without official approval, with 27% of those questioned stating this view. Financial data should be among the most securely protected within a company’s network, but human error can quickly undo any robust barriers that are in place. There is of course significant risk associated with the mismanagement of financial data, so it is essential companies focus on educating their finance staff on IT protocols and best practice, and the importance of toeing the line. Within the department, companies will not only hold their own financial records, but also potentially payment details for customers and partners which, if breached, would be severely damaging for all involved.

But this challenge goes beyond the finance departments, with Toshiba’s research showing that the majority of companies are experiencing difficulties of this nature. 84% of those surveyed said the unauthorised use of IT systems and solutions happens to some degree within their company, with 43% saying it is a widespread problem. This is most true with the hardware in use, where file safety is literally put into the hands of employees. For example, many staff may feel it is acceptable to use a personal device while working from home, lacking any in-built security barriers which should be in place when working outside of the office. In reality, it is essential staff consistently use business-built hardware which combines security with productivity-enhancing solutions. Devices such as Toshiba’s Portégé Z20t-C are built for modern business, and feature robust tools. In the case of the Z20t, Toshiba’s own BIOS provides enhanced manageability, while additional peace of mind is provided through the enhanced encryption and secure sign-in options of the Trusted Platform module (TPM) feature.

Ultimately, responsibility for IT security falls at the feet of the CIO, and any data breaches or attacks today can be critically damaging for a company – risking fines and destructive reputational damage. Technology can and must play an integral part in maintaining a secure IT infrastructure. Zero client solutions, for example, provide one way of addressing data leak issues, as they can provide a secure environment which moves all data, solutions and applications away from the potential vulnerabilities of a specific device, while also offering the freedom for different departments to embrace varied, hosted solutions. But equally important is the human touch, and CIOs must make sure all employees are well educated when it comes to the IT strategy and infrastructure put in place. If not, they will be the first to be held accountable for any security crisis. Many companies fail to invest in security defenses until they’re forced into action by a major incident – by which time it is often too late. It is imperative CIOs act now to ensure they and their employees are doing everything they can to safeguard the business against growing IT security hazards.