Security threats come in more shapes and sizes than ever before and can thus penetrate your company network in a multitude of ways. Keeping tabs on the security of your business can feel like an overwhelming task at times, so here's five key areas to prioritise when deciding how to protect yourself and your crucial company data.
1. Manage your mobile workforce
BYOD, CYOD and COPE policies: great for efficiency but potentially lethal for data. Devices are easily lost or stolen when employees are travelling home, working remotely or even on holiday.
If this happens, smartphones, tablets and laptops all offer a gateway to the business infrastructure, leaving company data ripe for the picking. Not only will this put a massive dent in the integrity of the business but it also leaves them subject to the wrath of the Information Commissioner's Office, with a fine of up to £500,000.
The encompassing rule for all businesses, from SMEs to large corporations is that you need to find ways to securely enable your employees to work on the move and outside of the office.
Some businesses are doing this by using software that allows remote file retrieval and complete data wipes. When you do get it right, it's as simple as 'track, manage and secure' for the devices and information, within and outside of your organisation.
2. Don't ignore the threat of apps
App use boomed by 115% in 2013 and with it came a whole tier of commonly available apps that posed a threat to individual and corporate data security.
Apps become dangerous when they store data in 'uncontrolled' repositories or when unsigned apps are downloaded with concealed, malicious malware, designed to harvest personal and business information.
Hardware manufacturers, app developers and security specialists are working to secure environments but the only way to operate in confidence is to ensure you've created a business strategy that acknowledges and accounts for the threat of apps.
Managing apps deployed on workplace devices and blacklisting the dangerous ones is just one of the ways IT departments can do this.
3. Educate your staff
23% of employees don't believe that the security of their company's data is their responsibility. This means that you can apply whatever technology you want to control data, but ultimately the weakest link may be the psychology and personal preferences of your individual employees.
You need to make sure your employees are informed about data security and the more you can align their perception of the risks out there with the potential impact on the company, the better the rapport and your ability to work together to create a secure environment.
4. Account for multiple threats
Almost all business data is now digital. This is driving huge efficiencies and savings but it leaves valuable data vulnerable to numerous and varying threats.
These threats can come from malicious intent or human error and can manifest through lax security within the likes of remote working, BYOD, COPE and cloud storage policies, or through simply leaving an unlocked device on a train. Either way, companies need to adopt a holistic approach to cyber security.
Provisions need to extend beyond a firewall and cover more than just hacking attacks. Data security policies need to take into consideration each device brought into the office, as well as each end-user. This way all potential security risks are covered.
5. Let software do the work
Mobile device policies are the norm for contemporary businesses but the speed at which they've developed has meant that CIOs have barely been able to keep their head above water.
Regardless of the particular policy – BOYD, CYOD, COPE and so on – they have all become common headaches for IT departments. When deciding how to solve this pain though, the resolution is not mutual and it's not just a case of one fits all.
Businesses need to choose a policy that suits their needs and couple it with mobile device management software that fits best. This way no data can slip through the cracks.
- Stephen Midgley oversees all aspects of global marketing and product management at Absolute Software including corporate communications, product marketing, demand generation, and the company's presence on the web.