Poor Security Habits Put Your Business at Risk
As the reliance on centralized offices shifts to distributed business models and remote and mobile workforces, lines are blurring between work life and personal life. The proliferation of devices such as smartphones and tablets along with collaboration tools, video and social media are driving this operational shift, enabling employees to become far more mobile than previously possible. Unfortunately, this also allows employees to engage in behaviors that can place company networks and data at risk.
Removed from direct control of the organization, many employees use these tools and applications in ways that would not pass muster with IT staff. Some of the risky activities include:
- Using work computers for personal use such as downloading music, shareware and other prohibited files, engaging in online shopping and banking, and visiting unauthorized websites
- Sharing sensitive company information with non-employees such as friends and family — or even strangers
- Leaving computers logged on and unlocked when they’re away from their desks and even overnight
- Storing logins and passwords on their computer or writing them down and leaving them on their desks, in unlocked cabinets, or pasted on their computers
- Carrying company data outside of the office on mobile devices, which presents high risk if the devices are lost or stolen
- Allowing unknown individuals to tailgate behind them into company facilities and allowing non-employees to roam around offices unsupervised.
In order to combat the growing risk from unsafe employee behavior, organizations should establish security best practices and educate employees as to their importance. It’s important to remember, however, that employees will simply bypass security policies that hamper their productivity. Organizations can mitigate this risk by developing policies that align with the needs and realities of the business. When security is as convenient as possible for end-users, they are less likely to work around security policy.
It is also important to ensure that security technology supports and enables best practices. For example, many employees use less-than-ideal methods to access company information while on the road, waiting at airports or working in coffee shops. Accessing work email and other network resources via a public Wi-Fi hotspot is an all-too-common activity. Organizations can improve security while maintaining the flexibility of remote access by requiring more than just a username and password to log onto virtual private networks (VPNs).
Mobile devices are also a concern. More and more employees are carrying mobile devices, such as a smartphone, tablet or portable storage, containing sensitive company information. Those devices are easily lost or stolen. Organizations can minimize the risk by encrypting sensitive information wherever it is stored or transmitted.
Effective security requires a thoughtful approach that balances restrictions with flexibility and incorporates technology, sound policies and user education. Let ICG help you devise and implement a security strategy that protects your business without impeding productivity.