Organisations of all kinds, and their suppliers, can unintentionally be lax with their data and not realise the security consequences of their actions.
The cost in money, time and effort, together with the impact on the people whose data it is, underlines the need for a higher level of data management and the introduction of stricter data controls, especially in cases where companies allow their employees to bring their own devices to work (BYOD).
Not a week goes by without another organisation being subject to a data breach and the risk of this happening is only amplified by the proliferation of BYOD.
According to research carried out by Kaspersky Lab and B2B International, nearly half of those surveyed use their personal smartphone or tablet for work.
More than a third (36%) carry work files on their devices and 34% hold their work e-mails on their own personal device.
18% of those surveyed also admitted to storing highly sensitive or confidential information, such as passwords for corporate mail accounts, on their own device.
The issues surrounding connectivity
Unfortunately, many organisations feel that a major data breach will never happen to them.
But in an age where we are dependent on computers and connectivity, it is impossible to guarantee 100% security. So it’s vital that organisations take steps to secure data to minimise the impact of any breach that does occur.
In terms of security, the key lies in the level of connectivity of a system. Connectivity offers great convenience.
On the other hand, it also gives hackers the chance to get into the system. With technology that is critical to people’s lives, companies must be aware of the potential dangers and ensure that systems are as resilient as possible.
Where possible, technologies should be self-sufficient, removing the possibility for them to connect to the Internet.
If connectivity is a must, security measures should be put in place to carefully monitor any connections to critical processes, looking for abnormalities that might indicate a compromise.
The security challenge of BYOD
In theory, offering employees the option to carry out their tasks using their own smartphones and tablets is a great benefit.
Employers benefit from the cost saving and productivity gets a big boost.
However, what also receives a boost is the level of risk. BYOD devices contain business critical data which is normally protected in the work environment, but at the same time they might be used to connect to insecure systems.
This provides a chink in the corporate security armour that hackers can exploit.
With the popularity of BYOD showing no signs of slowing down, it is vital that organisations have solid security strategies in place to mitigate the risk.
Protecting every device that is able to connect to the network is vital, as is using a centralised management software system to distribute updates and software.
BYOD in practice
A significant number of employees involved in our research are not actively making an effort to protect data to which they have access.
Only 1 in 10 workers surveyed are seriously concerned about securing business information on their devices and less than three fifths (58%) of respondents protect their devices with passwords.
A number of preventative measures should be front of mind when connecting employees’ personal devices to corporate IT networks.
This should be regarded as a specific project; this is especially true for large businesses.
Every last detail of the integration process should be designed beforehand and this should ideally include an infrastructure audit, a design stage and a pilot implementation.
Protecting mobile devices
To effectively protect mobile devices, it is important to use a comprehensive solution that ensures security across the entire corporate network, not one that focuses only on mobile devices.
Without this, compatibility problems may arise and create extra work for system administrators.
Managing mobile devices
Managing mobile devices in a large business requires additional skills over and above those demanded by routine system administration.
It is worth ensuring that there are appropriately qualified IT security specialists on the team, and that they have the tools needed to centrally manage all mobile devices within the corporate network, to ensure that all mobile applications are installed, removed and/or updated via dedicated corporate portals, and to regulate data access levels and employee privileges.
It is imperative that employers educate staff about the potential dangers BYOD can bring to an organisation.
This includes stressing the importance of having a strong PIN/passcode for any device that is connected to the business network, and the risk of ‘jailbreaking’ or rooting devices.
Employers should also highlight the potential threat of conducting sensitive transactions on unreliable, public Wi-Fi networks, and the importance of only installing apps from trusted sources. Finally, employees must be aware that they should not store sensitive data on their devices any longer than necessary.
Most importantly, the business needs to develop robust scenarios for how to remove personal devices from the corporate network if they are lost or stolen, or if an employee leaves the company.
A procedure should be developed to remove confidential corporate data from these devices and block access to the corporate network.
Sourced by David Emm, principal security researcher at Kaspersky Lab