7 serious IT compliance mistakes you’re making right now

There are plenty of compliance requirements in the world of IT, everything from CJIS to HIPAA and in between. Today we’re looking at the biggest red flags across the board. IT compliance regulations can have a serious impact on your business. Failure to comply with many of these regulations can result in serious legal penalties—often substantiated with a heavy fine.

7. Sharing user accounts

First things first—IT companies need separate accounts for each employee. Failing to do so is one of the biggest mistakes found in corporate IT. Account sharing removes accountability and makes it much harder to monitor network activity across the business.

Single accounts also make it easier for IT support to determine who is responsible for a given action, like logging into the account or resetting the password. Instead of using shared accounts, give each employee their own account with a unique username.

6. Sharing passwords

The only thing worse than sharing accounts is sharing passwords. Passwords are designed to be a unique identification tool for the account it’s assigned to. In this case, a would be hacker only needs one password to access many different accounts. Sharing passwords removes the redundancy of having multiple accounts. Ease of use just isn’t as important when considering things like PCI compliance. You will save your team time and money by implementing a unique password requirement.

5. Keeping your passwords in a notebook

Passwords can be complicated to keep up with. They have special requirements, special characters, and too many numbers. Is writing down that complicated (and crucial) code really the best option?

Absolutely not! Writing down a password completely negates its intended purpose. It’s like leaving the key to your front door outside for anyone to use or copy. Improper password storage isn’t just a compliance concern, it directly impacts the security of your business. One of the best ways to combat poor password management is with consistent password rules and cyber security awareness training

4. Not changing your password

So you’ve got your own account, it has a unique password, and you’re certainly not writing it down. Everything seems safe and you’re ready to work, right? Not quite. Your new password may be compliant with regulations, but for how long?

IT companies need to be diligent about password reset requirements. One of the biggest hurdles faced in IT support is password management. For ideal security, passwords need to be routinely updated and changed.

3. Not locking your workstation

Standard office habits need to reflect the most ideal IT security standards. When employees walk away from their desk, are they locking their machines? User training can help ensure everyone is briefed on protocol. However, additional steps can ensure the machine is locked when not in use. Password protected screensavers can be programmed to launch after so many minutes of inactivity on the computer.

2. Unsecured login banner

Information security is a daily initiative for IT companies. When logging into corporate machines, employees need to be reminded of their role in network security. One of the easiest ways to ensure this level of compliance is to implement a secure systems banner. Every time an employee reaches a company login screen, they’ll receive a banner regarding security requirements.

1. No physical network security

With all the digital concern in IT security, it can be easy to look over the most glaring concern of all. Network security involves the physical security and maintenance of hardware assets. Without proper physical security, your business is open to serious compliance violations and potential fees. Things like network closet sharing and improper room access can result in a serious penalty for your team.

Implement security protocol within the office for everyone to abide by. Consider using security badges or codes to help monitor access to specific rooms. It should be easy for your team to determine who has access to network hardware and when.

We all make mistakes

Mistakes like these are easy to make, but they’re even easier to avoid. Don’t succumb to your own negligence. Introducing healthy IT security habits can bring your team to a new level of operation, or at the very least can help avoid serious legal penalties. Contact us today for more information about critical IT habits for a healthy workplace.

Leave a Comment

Sign up to join our cybersecurity awareness list, and we'll pop up in your inbox every two weeks — about twice a month, with tips and insight on keeping your company safe.