I just started at a company with a rather outdated IT department. We've got a 70-year-old guy who struggles with basic tasks like using Google Drive, and an art major who claims to be 'good with computers.' Upon joining, I've noticed a lot of concerning practices, like sensitive information including passwords and API keys being stored in openly shared Google Docs and discussed in a public Slack channel. What steps can I take to enhance security and protect our data?
5 Answers
Prepare for a lot of resistance since people can be very attached to their routines. It's essential to provide clear alternatives when you present new security measures. Make sure they understand the benefits of changing these 'outdated' practices; otherwise, you might hit a wall of reluctance.
First things first, find out who truly makes the decisions. Prioritize establishing access controls and role-based permissions to protect sensitive data. Once you've done that, document everything to help make your case for gradual improvements. This will position you to clean up without ruffling too many feathers right off the bat.
Locking down document permissions should be priority number one. Audit and restrict sharing settings in Google Drive. You should also look into implementing data loss prevention controls if possible, which can help monitor and manage sensitive information. Educating your team about basic security practices, like never sharing credentials publicly or in Slack, can go a long way too.
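A sketch of the sharing audit suggested in the answer above, added as an example and not written by any poster in this thread. It assumes file metadata has already been exported in the shape of Drive API v3 `files.list` results with the `permissions` field; the sample records, the scoring scale and the function names are constructed for illustration.

```python
import re

# Constructed sample shaped like Drive API v3 files.list output requested with
# fields=files(id,name,permissions(type,role,emailAddress,domain,allowFileDiscovery)).
SAMPLE_FILES = [
    {"id": "f1", "name": "Prod API keys and passwords", "permissions": [
        {"type": "user", "role": "owner", "emailAddress": "alice@example.com"},
        {"type": "anyone", "role": "reader", "allowFileDiscovery": False}]},
    {"id": "f2", "name": "Team lunch menu", "permissions": [
        {"type": "anyone", "role": "writer", "allowFileDiscovery": True}]},
    {"id": "f3", "name": "Q3 roadmap", "permissions": [
        {"type": "domain", "role": "reader", "domain": "example.com"}]},
    {"id": "f4", "name": "Vendor contract", "permissions": [
        {"type": "user", "role": "writer", "emailAddress": "bob@example.com"},
        {"type": "user", "role": "reader", "emailAddress": "consultant@partner.example"}]},
    {"id": "f5", "name": "Onboarding notes", "permissions": [
        {"type": "user", "role": "owner", "emailAddress": "alice@example.com"}]},
]

# Hypothetical name heuristics; a real DLP control inspects file content too.
SECRET_HINTS = re.compile(r"passw(or)?d|api[ _-]?keys?|secret|token|credential", re.I)
WRITE_ROLES = {"owner", "organizer", "fileOrganizer", "writer"}

def exposure(perm, company_domain):
    """Audience width of one permission: 0 = internal account, 4 = public and searchable."""
    if perm["type"] == "anyone":
        return 4 if perm.get("allowFileDiscovery") else 3  # 3 = anyone with the link
    if perm["type"] == "domain":
        return 2  # everyone in a whole domain
    email = perm.get("emailAddress", "").lower()
    return 0 if email.endswith("@" + company_domain) else 1  # 1 = external user/group

def audit(files, company_domain):
    """Return over-shared files, likely credential stores first, then widest audience."""
    findings = []
    for f in files:
        perms = f.get("permissions", [])  # absent when the caller cannot read sharing info
        if not perms:
            continue
        worst = max(perms, key=lambda p: exposure(p, company_domain))
        score = exposure(worst, company_domain)
        if score == 0:
            continue  # only named internal accounts have access
        findings.append({"id": f["id"], "name": f["name"], "score": score,
                         "writable": worst["role"] in WRITE_ROLES,
                         "sensitive_name": bool(SECRET_HINTS.search(f["name"]))})
    findings.sort(key=lambda x: (x["sensitive_name"], x["score"], x["writable"]), reverse=True)
    return findings

if __name__ == "__main__":
    for row in audit(SAMPLE_FILES, "example.com"):
        print(row)
```

The ordering puts link-shared files whose names suggest credentials at the top, which gives a short first list to restrict and to rotate secrets from.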
Your ability to implement change really depends on your role. If you're a manager or have authority, you can push for significant improvements. However, if you’re just starting in a lower position, getting buy-in from senior management could be a challenge. Start by assessing what you can realistically change based on your influence.
Definitely agree. If you’re in a management role, you have more power to enforce policies. Entry-level roles might require patience before you can create real change.
Make a plan focusing on security and data integrity. Understand the friction you're creating for others in the workflow—I learned that when I took my role over, the old methods were deeply entrenched. Look for small wins that can establish credibility while focusing on bigger solutions. Document your strategies and involve the team in improving practices.
Absolutely! It’s all about communication and getting buy-in. When I started, I had to show the team how changing a few practices actually made their workflows easier.
100% agree. It’s crucial to have management support when tackling security practices. Start with low-impact changes to gain their trust and build from there.