Saturday, May 08, 2010


By this time many regular readers of this column will have learnt that information technology security is increasingly becoming a serious concern for many Kenyan companies. This is because information has become a valuable currency that sustains businesses.

Access to timely information of a high quality can mean the difference between survival and bankruptcy of a business entity. Ensuring information is secure cannot therefore be overemphasized.

A company’s information technology infrastructure consists of people, processes and technology. These three elements have to be managed concurrently if data security is to be achieved. This task is usually left to the IT Security Officer/Manager. This is a mistaken notion because the IT Security Manager is ultimately you.

Every employee with access to data in a company is often considered one of the greatest risks. The presence of policies, frameworks, risk management solutions and other security features is usually defeated by the lack of personal responsibility on the part of employees. Information security tasks should therefore be carried out by each individual.

Companies have in the recent past increasingly become more dependent on Information Technology. The potential damage that can be caused by a security breach is severe at the very least. This means that if employees play their parts then the whole becomes more secure.

We should therefore have management and staff adopting a more active role in the adoption and implementation of security measures. To be able to achieve this, the roles and responsibilities of each employee, in relation to information security, should be clearly outlined and communicated across the whole company.

Apart from this, management should keep security policies and documents updated and current. This would assist employees adopt best practices that are at tandem with the ever changing tactics of hackers.

To effectively empower the employee the company should develop a programme for training on security awareness for all staff. This programme should target all irrespective of whether they are computer users or not. To ensure this sensitization effort succeeds it should be continuously adapted and improved on the basis of the feedback received from the employees.

Security managers are therefore everywhere and more personal responsibility on the part of company staff should be encouraged by management in companies that rely on information technology for operations.

No comments: