Earlier this month, I posed the question: Does your company need a security audit plan?
A good security audit will show that most security breaches are preventable. An article at IT Security lists 15 top reasons why business security is compromised. The reasons range from outdated software and poor spam filters to outsourced IT and poor physical security for equipment. I've heard stories of employees propping open doors in buildings and offices that require security badges and pass codes for entrance-not exactly good security practices.
To prevent these breaches, companies need to develop and enforce solid security policy plans. Enforcement is the key word here: If employees aren't held responsible for their security miscues, even the best security plan won't work. And unfortunately, most executives don't penalize employees' security fails until the data is actually compromised.
At that point, businesses may have to pay steep consequences. CTO Dale McNulty wrote in a multi-part article for Surrex Consulting:
"Firstly, management has personal liability in safeguarding data assets. In fact, that liability can mean jail time and fines. Secondly, it has been demonstrated repeatedly that education and training increase return of investment for the organization."