Personal devices such as smartphones and tablets are perceived to be one of IT security’s weakest links. As more companies embrace BYOD- Bring Your Own Device, these personal devices pose a significant security risk to the company’s network. Bring Your Own Device refers to a company’s policy of allowing employees to bring their personal laptops, mobile phones, and tablets into the workplace and connect them to the company’s network to access company data. If a personal device is brought into the office that already contains a malware infection, possibly unknown to the user, the malware can gain access to the device’s network connection. Another threat to a company’s network is when employees save company files to personal file-sharing applications. File-sharing applications such as Dropbox have helped simplify communication of shared documents; however, these services often lack basic security procedures. A 2014 study executed by Intermedia showed that 68% of former employees admitted to storing work files in personal cloud storage services. Protecting a company’s network begins with training the employees. A new study from Intel Security indicates that among companies who experienced data breaches, internal employees account for 43 percent of data loss- with roughly half of the leaks being accidental. This percentage can be decreased by simply educating employees on IT security.
The first step a company should take to minimize its security threat from employees and BYODs is to establish IT and security policies that train employees from the start. The training should not stop there, a good IT policy involves every employee staying current with new technologies and understanding the common types of threats or attacks that can affect business operations. Therefore, companies should hold periodic information and training sessions.
The next step a company should consider taking is to use a business class cloud sharing service instead of Dropbox or other unsecure file sharing services. Alexaur Technology offers ShareSync, which joins the forces of backup and file sharing to enable intuitive file management and mobility while helping to keep company data secure and protected. ShareSync has comprehensive security features including permission-based sharing that give you security and control.
Another step a company should take to minimize its risk is to create a unique login for each user/employee. If login credentials are shared among multiple employees, this will leave the company vulnerable to a data breach. Along the same lines, a company must immediately remove an employee’s access to all company data upon termination or resignation. In the same study done by Intermedia, results showed that 89% of former employees retained access to sensitive corporate applications, while 45% retained access to highly confidential company data.
Companies should make IT security a priority by emphasizing its importance with employee training and information sessions. Once a company has established a secure policy, regular updates and reviews of such policy should take place to account for the constant evolution of IT.
Please feel free to fill out the contact form on the right hand side of this page and let us know how we can improve our blog to better inform you and/or if you would like further information on the services we provide.