89% of Employees Apparently Don’t Care About Mobile Security
IT security has a big job: keep corporate data safe in the face of motivated hackers and unaware employees. Today that job is harder than ever — employees are bringing their own devices and applications into the office every morning, and walking out the door with corporate data every night.
The intention behind Bring Your Own Device and Bring Your Own Apps is good: Employees want to be productive away from the office. No one wants to carry around two smartphones, or truck around two laptops while they’re on the road. Cloud-based work apps excel at document version control, are accessible everywhere, and help teams cut down on email as a collaboration tool.
The reality of BYOD and BYOA is more troublesome: If your company is one of the estimated 26 percent with no official BYOD policy in place, employees will load work email and work documents on their personal mobile devices anyway. If a company fails to give their employees the cloud-based apps they want, they’ll simply use the app’s consumer-grade version. Thousands of unsecured laptops and smartphones get lost or stolen every week. It’s estimated that 43 percent of U.S. companies have experienced a data breach in the last year alone.
Given that backdrop, ask yourself — how many mobile devices are out there with your company’s data on them? The answer might surprise you.
In a recent survey of more than 12,000 people, security software maker Kaspersky Lab found roughly half used personal smartphones, tablets or laptops for work, 36 percent kept work files on their personal devices, 34 percent accessed work-related email from personal devices, and somewhere between 11 to 18 percent carried around corporate passwords.
Asked about it, just 11 percent said they were seriously concerned about keeping work-related information secure on their personal mobile devices.
If your company doesn’t have formal policies in place around personal mobile devices, chances are, your corporate data is already heading home with employees each night. BYOD and BYOA are just the start— Bring Your Own Everything is on the horizon.
Embracing the present
The first step is to either build a BYOD and BYOA policy, or review your existing policies to keep them up-to-date.
Employees are already using their own devices and apps inside the workplace — in an April 2015 report, Netskope found the average organization is now using 730 cloud-based applications. If that number seems high, it may be time to audit the software your teams are using, and determine if sensitive corporate information is at risk of being lost in the cloud.
Next, give employees the secure tools they need to use the devices and apps they choose. Different teams may choose different engagement software based on their individual needs. Mandating the entire company standardize on a single, monolithic software platform or official device is unrealistic, and may encourage “shadow IT,” where teams ignore official channels and adopt the tools that work for them.
Information silos are dangerous. At best, silos hinder company engagement by preventing teams from getting the information they need to make informed decisions easily. At worst, silos force employees to kluge together a solution — for example, emailing data across the company in spreadsheets.
Breaking information silos apart is possible with software like the Avaya Engagement Development Platform, which allows companies to write custom code that either communication-enables their existing apps, or builds new apps to share data between silos.
Lastly, smart companies adopt multiple layers of security, knowing that data breaches are just as likely to come from within the company than without. Firewalls are not enough — network access must be segmented and role-based.
In a widely-publicized data breach last year, a major U.S. retailer admitted it had lost millions of consumer credit card numbers after it gave its HVAC vendor access to wide swaths of the company’s corporate network. Hackers breached the vendor, and used their network credentials to raid the retailer’s credit card database, which was sitting in a section of the network that an HVAC company should not have been able to access.
Virtualized, software-defined networking makes role-based network access easy, reduces the size of the network’s footprint of endpoints and obscures portions of the network from hackers. Individual devices, applications and endpoints are provisioned dynamically, with network access extending and retracting as needed.
BYOD and BYOA represent the new reality for enterprises. Take proactive steps to review your company’s BYOD and BYOA policies, give employees the tools to allow this trend, share information securely between applications and gain more control over the corporate network.
Want more? Download the new Avaya white paper, “The New Rules of Engagement.”