Many organizations focus primarily on protecting themselves against hackers and other external threats. While it's generally a good idea to close network security gaps as quickly as possible, it's also important to look behind network safeguards. A recent Forrester report found that most data security breaches happen because of employees.
As PCWorld columnist John Dunn highlighted, the research found that lost or stolen devices account for 31 percent of all data security breaches, while accidental misuse by an employee accounted for another 27 percent of incidents. In addition, 12 percent of breaches were caused by malicious insiders, making internal vulnerabilities in some form or another responsible for a total of 70 percent of breaches. One of the reasons for the high number of internal vulnerabilities is simply that many companies have lagged behind in responding to current technology trends.
"Predictably, the arrival of mobile devices and the consumerisation of IT hasn't helped matters," Dunn wrote. "Most organizations formulate policies for securing mobile devices but, paradoxically, lack enough tools to enforce them."
These breaches may be particularly dangerous for businesses due to the type of information that most often becomes compromised. Dunn reported that 22 percent of incidents involved either customer or employee data. In addition to reputational damage, organizations within many industries may face non-compliance fines when personal information is stolen. Another cause for concern is that 19 percent of breaches involved intellectual property, which has become a critical source of revenue for a significant number of businesses.
BYOD requires consideration
It may not be surprising that companies are anxious to leverage the BYOD (Bring your own Device) trend. Research has shown that effective BYOD policies can improve employee productivity without costing the business extra money. However, it takes some careful consideration before mobile strategies can be implemented without causing security headaches. IT service company Grudi Associates recently published an analysis of BYOD and the factors organizations should consider before adopting a mobile policy. The key thing to remember is that BYOD may not be a good fit for every company.
"There is growing evidence that BYOD is not for everyone," said Walt Grudi, President of Grudi Associates. "And there is an important difference between policies that permit employees to use their devices for work (while still supplying company-owned devices) and policies that require workers to exclusively use their own smartphones, tablets, laptops, etc. We've found that BYOD-only policies, which are more extreme, can be much more difficult to address."
As Grudi pointed out, not all BYOD implementation strategies are created equal, and, as Forrester's research showcases, many organizations struggle with adopting technology to secure their networks. Before buying into media hype, it's important to draft a mobile strategy that covers which devices the company will support and how the business will restructure regulation in this new era.
Data Security News from SimplySecurity.com by Trend Micro