Often in a smaller organization, there is the technology “duty expert” who is the go-to guy or gal for all things computer before calling in the “computer guy.” Often this person is solicited for advice such as “can I connect this to this” or “how do I get this file from here to there.”
Unfortunately, what was missing was “is it safe to do so?”
Despite the implicit and explicit concerns of most organizations in regards to data and system security, we allow dangerous circumventions of organizational policy for the sake of convenience and expediency.
Oh, you say that you don’t have a policy? Tsk. Tsk.
If we begin with the assumption that most colleagues want to do the right and safe thing, then it is incumbent on the organization to detail the rules. Make sure that the rules make sense for your organization’s culture and technical architecture and then ensure that everyone knows those rules.
Look at this article for some things that you should be concerned about and then figure out a solution that works for you. Or call in folks who can help you figure it all out. Like us.