Turn systems off when not in use. Chip Mesec, director of product management at Network Associates, a provider of network security products, puts it this way, "You can’t use a computer if it’s switched off." Indeed, getting employees to switch off systems at night and on weekends is one of the best ways to avoid someone using it—especially if password protection is in place.
Rely on encryption when sending sensitive e-mail. The latest generation of encryption tools, including Network Associates’ PGP and Symantec’s For Your Eyes Only, allows a user to click an icon and encrypt a file. Such software can be used on a local system—along with password-based decryption—to ensure that a file can’t be read by anyone else. Encryption also should be used for sensitive or confidential e-mail—particularly when it’s being sent across the Internet.
Maintain clearly defined policies. When employees know what’s expected of them and what actions they’re supposed to take, it’s far easier to ensure they’re following policies and guidelines. It’s a good idea to publish rules and regulations in an employee handbook or on a company intranet.
Provide ongoing education and reinforcement. It’s not enough to provide a security briefing at an orientation. Employees should receive regular news and updates via a company newsletter, e-mail or through an intranet Web site. It’s also a good idea to create visual cues that reinforce the importance of security. "If you create an environment in which there are reminders, paper shredders and spot checks, people are going to think a lot more about security in general," says AT&T’s spokesperson Burke Stinson.
Workforce, May 1998, Vol. 77, No. 5, p. 54.