John Thielens, chief security officer for Axway, writes for CBR on how to patch up holes in your business’s security blanket.
The consumerisation of IT in businesses is here to stay. At its latest Symposium, Gartner revealed that by 2016, two-thirds of the workforce will own a smartphone and 40 per cent of the global workforce will be mobile. With this in mind, failing to ensure second-to-none data security within a business in this day and age can prove as risky as walking a tightrope with no harness.
In order for businesses to meet the challenges around data privacy, they need to be aware of their surroundings. With an increasingly mobile workforce on their hands, many organisations today are operating in an open network; one that can be more vulnerable to threats that can damage corporate reputations. Not only this, but being more prone to data breaches means that businesses are putting themselves in the firing line of the likes of the Information Commissioner's Office (ICO), which has the power to hand out hefty fines to those found in breach of data privacy regulations. Granted, consumers have an obligation to watch out for the privacy of their personal information online. However, once a business gets its hands on that information, it ultimately becomes the custodian of that private data, and has a duty to safeguard it. You only have to look at how this plays out publicly to see how imperative it is to have proper information security processes in place. Take the Sony data breach last year, which lost 102 million customers' details in two separate attacks, for example.
Businesses must ensure they know exactly where their corporate and customer data is, who is accessing it, how they are accessing it, and what they are doing with it. With a steady flow of internet-connected devices being launched on the market, more and more employees are able to access confidential corporate data remotely, often through external, unsecured networks. While employers are feeling the pressure to implement Bring Your Own Device (BYOD) schemes within the workplace and to make the most of the changing technology landscape, this needs to be coupled with policies and security measures that provide full visibility of where data is and who is accessing it at all times. This end-to-end visibility, together with proper BYOD policies, can be the difference between earned customer loyalty and irretrievable brand damage.
Another risk factor that businesses need to take into account is the lack of expertise in the workforce. There is already a pervading fear around how human error can compromise the security of data within an organisation. And human error can be costly. Just last year, Stoke-on-Trent City Council was hit with a £120,000 fine from the ICO when an employee accidentally emailed sensitive information on a child protection case to the wrong person. To avoid these public pitfalls, businesses need to ensure they are investing in their workforce, equipping them with the skills and knowledge they need to ensure data isn't leaked as a result of unnecessary human error.
Enterprise uptake of cloud services and the move towards BYOD is changing the way businesses operate. It is creating a world of opportunity, cutting the costs of hardware investment and boosting flexibility for the entire workforce. Having said this, it's crucial that businesses understand that this new era of business comes with a new set of rules.
It's not all doom and gloom though. By analysing the network, identifying weak spots and taking the appropriate steps to mitigate risk, businesses can ensure data isn't compromised because of external threats or human error. By arming themselves with the right balance of knowledge and sound security tools today, businesses will ensure that their security remains airtight tomorrow.
John Thielens, chief security officer, Axway