Personal Devices and Security: Keep Data Secure and Employees Happy

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://mspmentor.net/infocenter-cloud-based-file-sharing/080414/personal-devices-and-security-what-msp-s-can-do-keep-data-secure


A Workforce Mobilization study of over 5,000 companies found that nearly 62
percent of all employees are participating in a growing trend – using their
personal devices at work. Even if you’re not physically in the workplace,
81 percent use their smartphones, tablets, and laptops to email, access and
share company information.

On one hand, being able to use your personal device professionally leads to
greater overall efficiency and a well-connected workplace. But on the other
hand, the IT department loses all visibility into the location and use of
corporate documents and confidential data.

If a breach occurs, responsibility falls in the hands of the IT department.
But the use of personal devices has become so normalized that employees
circumvent IT solutions regardless. The following is a look at what managed
service providers can do to provide a solution that keeps both parties
happy.

The problem:

Employees are expected, if not required, to check emails, transfer files
and deal with corporate information on the go and outside of the office.
The big question is: how else are they supposed to do this without the use
of their own personal devices?

Since last year, the rise of using free file sharing apps and other
cloud-based apps has increased by 3 percent. And 72 percent of employees
who download and share work documents on their phone are doing so without
IT authorization.

This means file-sharing is occurring outside company fire-walls, making
sensitive or hidden meta-data within documents and confidential files
extremely susceptible getting in the wrongs hands. All it takes is
accidentally forwarding a document to the wrong party outside your
workforce, a document edited without approval, or a lost device, and your
client’s company has itself a full-blown security breach.

Many don’t understand the financial cost of a breach and the damage to
reputation when customer billing information, social security numbers,
legal documents and a whole range of other confidential data is leaked.

Perhaps the biggest issue is the normalization of such file-sharing
practices when there is so much at stake. Bosses rely on their employees to
carry out company tasks this way.

Ironically, it is the highly regulated industries with strict security
policies and yet 88 percent of professional services studied circumvent
security requirements, 78 percent of financial institutions and 78 percent
of legal services.

The Recommendation:

There is no doubt this issue is a double-edged sword. And with the rise of
smart technology, you can bet this problem will only become more
complicated and difficult to contain. So if IT can gain control over what
files are shared on personal devices, then that is a huge step in the right
direction.

Managed service providers can help IT departments offer better solutions by
equipping businesses with intuitive cloud based applications that cater to
the way people like to work so that they no longer try to bypass IT
solutions.

Finding out what features employees are drawn to on their personal
applications plays a big part in this process. For example, an application
with social media elements such as real-time updates, drag and drop
features, away messages, and presence indicators are all features that
people enjoy and use already in their daily life.

New best practice standards and governing policies should also be put in
place. For example, if a specific word like “confidential” appears within a
document, then only particular individuals should be authorized to access
it.

Ultimately, free cloud file sharing applications on personal devices will
continue to be the way employees and employers circulate corporate
documents unless a similar platform to the ones they are already familiar
with is introduced. The trick is for MSPs to offer an app that is familiar,
enjoyable, easy-to-use, and secure all at the same time.

If service providers can find a way that the IT department can deploy IT
sanctioned apps that employees love, they will be able to protect servers,
have control over files, and employees won’t feel the need to prevent
secure IT solutions.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!