Consumerisation of information technology is forcing IT to take a new look at security. And, if you run a small to mid-sized company, with limited resources, it’s adding pressure.. With social media and BYOD (Bring Your Own Device) changing the whole working landscape, how do you protect yourself against the ever growing number of security threats – data breaches through the network, data leakage by employees, malware attacks and lost hardware?
Not long ago, no doubt, everything would have seemed that much clear cut to you, with the boundaries between people’s personal and work lives quite distinct. Now, that has all been turned on its head. Those boundaries have been torn down – with the estimated 22.5% of the time that we now spend online (according to social media watchdog Nielsen in ‘State of the Media: The Social Media Report’), putting enormous pressure on security.
You’ve probably all heard the hype that surrounds mobile devices and the ‘bring your own’ culture. In fact, most of you will already have dealt, or be dealing, with such challenges right now.
Much of that hype is depressingly negative, sadly, often with dire predictions of how organisations are going to be ever more dangerously exposed to the outside world of data muggers – lurking in the shadows and ready to pounce as soon as anyone dares to plug their smartphone or other treasured gadget into the corporate network.
As a result, the language often used about BYOD is both highly emotive and scary. Some businesses have reacted by banning such devices altogether. Others accept that it is inevitable and have opened their doors to it, seeking to turn it to their advantage.
The former of these camps – the naysayers – could be storing up big trouble for themselves. Because BYOD is here to stay and perhaps become more widely embraced, until it’s as pervasive a force within any organisation as the PC itself.
Why do they say no to BYOD? The perceived disruption and inconvenience have a lot to do with it. As does fear. At its worst, in their eyes BYOD has an element of the wild west about it. You bring in your devices and all hell breaks loose. They see it as something that will spiral out of control and compromise network security, no matter how many marshals they swear in to keep the peace.
And their fears are not without justification, as some companies are clearly better at curtailing the worst excesses of BYOD than others. Some countries, too. One report released by Imation Mobile Security recently says half of the German respondents to a survey claimed they always followed company rules around BYOD, as opposed to only 36% of those polled from the UK. In fact, 18% of UK-based respondents admitted to ignoring the guidelines, even though they were aware of them. I wonder how many people reading this are surprised/unsurprised by those statistics?
However, the figure of blame doesn’t point only at the workforce. The Imation Mobile Security study suggests that, for most UK businesses, security checks have not been made mandatory and 92% of IT managers do not require employees to regularly change passwords on their devices used for work. Not the best way to handle BYOD, you might think.
The reality is that businesses really do need to evaluate whether BYOD is the right approach for their organisations, and implement company-wide BYOD policies and procedures to minimise potential security risks, if they choose to do so. One of the big concerns is that confidential, work-related information increasingly passes from work computer to personal device. So, yes, while it’s certainly a trend that can enhance the productivity of employees, it needs to be carefully managed as well. As soon as a device connects to a business's system, it should be subject to the same security safeguards as company equipment. A fully integrated BYOD scheme and policy is vital.
For more information on website security download the Symantec website security threat report