BreachExchange mailing list archives
Personal Devices and Security: Keep Data Secure and Employees Happy
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 5 Aug 2014 18:51:57 -0600
http://mspmentor.net/infocenter-cloud-based-file-sharing/080414/personal-devices-and-security-what-msp-s-can-do-keep-data-secure A Workforce Mobilization study of over 5,000 companies found that nearly 62 percent of all employees are participating in a growing trend – using their personal devices at work. Even if you’re not physically in the workplace, 81 percent use their smartphones, tablets, and laptops to email, access and share company information. On one hand, being able to use your personal device professionally leads to greater overall efficiency and a well-connected workplace. But on the other hand, the IT department loses all visibility into the location and use of corporate documents and confidential data. If a breach occurs, responsibility falls in the hands of the IT department. But the use of personal devices has become so normalized that employees circumvent IT solutions regardless. The following is a look at what managed service providers can do to provide a solution that keeps both parties happy. The problem: Employees are expected, if not required, to check emails, transfer files and deal with corporate information on the go and outside of the office. The big question is: how else are they supposed to do this without the use of their own personal devices? Since last year, the rise of using free file sharing apps and other cloud-based apps has increased by 3 percent. And 72 percent of employees who download and share work documents on their phone are doing so without IT authorization. This means file-sharing is occurring outside company fire-walls, making sensitive or hidden meta-data within documents and confidential files extremely susceptible getting in the wrongs hands. All it takes is accidentally forwarding a document to the wrong party outside your workforce, a document edited without approval, or a lost device, and your client’s company has itself a full-blown security breach. Many don’t understand the financial cost of a breach and the damage to reputation when customer billing information, social security numbers, legal documents and a whole range of other confidential data is leaked. Perhaps the biggest issue is the normalization of such file-sharing practices when there is so much at stake. Bosses rely on their employees to carry out company tasks this way. Ironically, it is the highly regulated industries with strict security policies and yet 88 percent of professional services studied circumvent security requirements, 78 percent of financial institutions and 78 percent of legal services. The Recommendation: There is no doubt this issue is a double-edged sword. And with the rise of smart technology, you can bet this problem will only become more complicated and difficult to contain. So if IT can gain control over what files are shared on personal devices, then that is a huge step in the right direction. Managed service providers can help IT departments offer better solutions by equipping businesses with intuitive cloud based applications that cater to the way people like to work so that they no longer try to bypass IT solutions. Finding out what features employees are drawn to on their personal applications plays a big part in this process. For example, an application with social media elements such as real-time updates, drag and drop features, away messages, and presence indicators are all features that people enjoy and use already in their daily life. New best practice standards and governing policies should also be put in place. For example, if a specific word like “confidential” appears within a document, then only particular individuals should be authorized to access it. Ultimately, free cloud file sharing applications on personal devices will continue to be the way employees and employers circulate corporate documents unless a similar platform to the ones they are already familiar with is introduced. The trick is for MSPs to offer an app that is familiar, enjoyable, easy-to-use, and secure all at the same time. If service providers can find a way that the IT department can deploy IT sanctioned apps that employees love, they will be able to protect servers, have control over files, and employees won’t feel the need to prevent secure IT solutions.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Personal Devices and Security: Keep Data Secure and Employees Happy Audrey McNeil (Aug 12)