Recently we revealed our latest research looking at internal threats in UK organisations. What we found most compelling was how the evolving security landscape is creating new and ever changing threats to businesses. In addition to the lack of awareness internally that we touched on last week, changing and evolving new technology trends and business practices such as mobile, BYOD, social collaboration and cloud computing all combine to create perfect security storm conditions. Add to this the human error aspect and it is easy to see how these issues are threatening to create the perfect security storm.
A key factor to the security storm is ‘Bring Your Own Device’ (BYOD) an unrelenting force, driven by employees’ desires to use their own familiar (and sometimes better) equipment that will help them do their job. However, the management of BYOD and control of the corporate information they hold must be addressed through improved security policies and technology. Improved awareness training for all staff is essential so that they fully understand the risks and consequences, in order to minimise security incidents. Our research found that only 31% of organisations are accepting or proactively managing BYOD – the rest are resisting and blocking access where possible (52%) or denying it altogether (11%). This is despite the belief by half (53%) of the respondents that users will continue to use their own devices on the network, whether it is sanctioned by IT or not.
How do businesses overcome this security storm? Increasingly security needs to be dealt with across the business and not just in the IT department, for example when it comes to staff, open and transparent policies that offer clarity are a must. Regular training is required, to promote understanding so that staff take more responsibility for the information on their doorstep. While it is hard for security policies to keep up with the speed that business practices are changing (72% said they were struggling to keep up with the security landscape), it is essential that this occurs. Think about BYOD and the policies you will need to keep your corporate information safe and the staff using them productive. Here’s a top 5 items to consider in your BYOD policy:
- 1) Ensure that the device has a password to access it.
- 2) Consider deploying an MDM (Mobile device management) system to encrypt corporate data.
- 3) Consider a policy to restrict the applications that can be installed to prevent corporate data automatically being ‘backed up’ to the cloud – and out of corporate control.
- 4) Insist on a suitable replacement and maintenance plan so that if the device is lost or broken, the employee remains productive.
- 5) Change staff leaving processes to ensure that all corporate information is removed from the BYOD device before the employee leaves the company.
Remember that even if your organisation is not on the frontline of national infrastructure or a multi-national your staff and computer systems will still hold information that is valuable to someone, somewhere and it is up to you to protect it.