As the saying goes, “Old habits die hard,” and that saying rings as true in IT as it does in life. Some old habits are still helpful. For example, it is always wise to avoid shopping on unsecured wireless networks as well as avoid simple passwords.
That being said, we often cling to those practices that served us well over the years. It is not easy to let them go. Like when your mother tells you to avoid the pool shortly after a meal. She has good intentions, but her advice is not very helpful. IT professionals sometimes act like overprotective parents and cling to outdated habits and practices.
Do not feel bad if you are still practicing some of these habits. The goal is to reflect on those habits all of us take for granted and ask ourselves if they even provide value. If they do, keep practicing them. If not, use the halfway point of 2018 to adopt a fresh perspective and set aside those habits that have worn out their welcome.
Backing Up to Only USB Drives
There was a time when backups were optional. Users did not create much content outside of a few documents. Some users considered email their backup plan. IT would put a plan in place, and nobody would use it outside of IT. One solution IT came up with was to issue USB drives, especially for laptop users. Though this is a better option than no backup at all, far better options exist today.
Unfortunately, nothing lasts forever, and hard drives will die. That is a fact of life and drives inside USB enclosures do not last long because of the beating they take. Drives are easily misplaced or worse, are lost while the contents on the drive are not encrypted.
Installing a dedicated backup appliance or cloud service where backups are performed automatically are better options. They are also more reliable, scalable, and automated which takes some of the burdens off the employee. If you must use an external drive because of privacy issues or you work in an area with flaky internet, make sure to encrypt the drive.
No or Low Encryption for WiFi Networks
WiFi is one of the thorns in the side of IT departments because it is supposed to simplify accessing the internet. Employees immediately notice when an added layer of security means more work for them.
Avoid using WEP encryption. It is too easy to crack. WPA is a slight improvement, but you are better off using WPA2. It is also essential to educate your employees about why a secure network benefits everyone at the company. Monitoring WiFi will tell you if employees are using WPA2 or merely jumping on the open Guest network.
IT should create a robust wireless network name and avoid popular or generic names. They should also ensure the wireless routers are running the latest firmware.
Ignoring Mobile Phone Security
Mobile devices are not only here to stay, but they are often the device of choice for employees today. Securing laptops, tablets, and phones is a critical part of maintaining a safe computing environment. And yet it is one area that often gets overlooked.
Some companies use a VPN to secure traffic while employees are using WiFi hotspots. At the very least, they should be using SSL encryption when web browsing. Android and iPhone are the dominant mobile platforms today. Standardizing on one platform may improve security, but may be impossible unless the company issues devices. In fact, many companies have a Bring Your Own Device (BYOD) policy. Make sure your mobile security platform matches the tools employees use and how they use them.
Not Taking Breaks
IT can be a sedentary job, so taking a break to walk around or catch some fresh air can improve your health and productivity. Encourage all employees to do the same because it will help increase blood flow issues that affect health as well as reduce eye strain from staring at a computer screen for hours.
IT is susceptible to working overtime or outside of business hours which can cause fatigue or wreak havoc with your sleep schedule. You cannot always avoid working long hours, but doing so should not be the norm. Going without sleep and regular breaks can cause stress and drastically reduce your productivity.
How often should you take a break? About every 60 to 90 minutes.
Not Requiring Strong Passwords
If you do not require strong passwords, start today. There will be blowback. Many employees get accustomed to using the same password to log in their company PC, bank account, and Netflix accounts. This is a dangerous practice, but one you can put a stop to immediately.
Not only should IT require strong passwords, but they should also need password changes every so often. Some companies require them every 90 days, while others may go 6 to 12 months before requesting a replacement. Require them too often, and you might find passwords on Post-It Notes hung from monitors around the office.
It is never too late to start new habits. In addition to exercising more and eating better, consider the patterns you have formed over the years while working in technology. Many practices will still be applicable, but some may need updating or replacing.