1. Create a Risk-Aware Culture--Especially if Employees Use their Own Devices
Train all employees to be hyper-aware of possible data security risks. Kris Lovejoy, former General Manager of IBM security services, stresses the importance of creating a risk-aware culture. All employees need to be trained on the importance of identifying data security issues such as clicking a dubious attachment, keeping mobile devices updated with the latest security patches, or plugging in an outside USB stick. Lovejoy compares the necessity of being hyper-aware of risks to the knee-jerk reaction people feel when a child runs out into the street. “That same intolerance should exist, at a company level, when colleagues are careless about security,” asserts Lovejoy.
A company culture focused on data security is essential, especially as more employees than ever are using non-company devices. Practices such as telecommuting and working on mobile devices are some of the biggest threats to data security if access and security updates aren’t properly managed. Lawrence Orans, research director at Gartner, shares the research firm’s statistics: 20 to 30 percent of consumer PCs have been compromised by botnets and other targeted threats. While corporate-managed PCs have a considerably lower compromise rate--between 4 and 8 percent--Orans stresses that risks still exist. “Poor patch management and the fact that major endpoint protection platforms remain weak in protecting against targeted attacks and zero-day threats are key reasons for botnet problems in organisations,” explains Orans.
A logical solution, of course, is to prohibit employees from using personal devices for company work. This approach, however, limits productivity and is a near-futile effort. In fact, nearly 80 percent of people surveyed have worked remotely in the past six months. So not only is the mobile trend difficult to stave off, doing so is ultimately not in the best interest of the company. David Smith, vice-president and Gartner Fellow, counsels: "Exploit, manage and benefit from the consumerization of IT with education and a realistic and pragmatic approach. Don't try to stop it - you will fail."
Allowing employees to work across devices increases productivity, job satisfaction, and ultimately your bottom line. Therefore, education and technology controls must be strong in order to keep company data secure. Cloud-based systems where security updates and patches are automatically pushed through to individual devices are the ideal data security solution. Strong password management practices and vigilant security updates are a must.
2. Safeguard Passwords.
Since restricting the use of personal devices isn’t a viable strategy, the solution to data security issues from mobile devices is to control access while maintaining the ability to work across mobile devices. Peter Wood, member of the ISACA security advisory group and CEO of First Base Technologies, says, “The trick is to identify the controls which will enforce your corporate security policy without driving a wedge between the business and its users.”
That corporate data security policy should begin with password hygiene. Passwords should be strong and unique with two-factor authentication highly encouraged. However, in a survey of 250 IT professionals, 62 percent reported that employees using weak passwords was their greatest security challenge.
Strengthening weak passwords will increase data security, as will improving lax password-sharing practices. A reported 73 percent of employees don’t change their passwords after sharing them with someone else. This practice needs to change: companies should strongly enforce a password update after a password has been shared with other employees.
3. Secure Access Through System Administrators.
Having a systems administrator gives the protection of a gatekeeper to monitor access and permissions to data. Think of a systems administrator as the intelligence, the moat and the strong castle walls defending your data. Cloud-based information systems provide ideal data security solutions because of the ability to manage permissions and access from a systems administrator level.
The system administrator should also carefully control access and permissions to company data to ensure secure data storage. Contract workers’ and terminated employees’ system access should be managed with precision. Lovejoy stresses the importance of managing identities to decrease vulnerability. She advocates “implementing meticulous identity and access management (IAM) systems to identify the people, manage their permissions, and revoke them as soon as they depart.”
Data kept in one secure software program rather than in fragments throughout the company is much easier to protect. An Infor report explains, “Using cloud services means that your data is better protected than if most of us tried to manage it on our own...large-scale services are all much better than we are at avoiding data loss from gear failure, keeping software up to date, upgrading hardware, and constantly improving security.” A cloud-based business software suite with CRM and other functionalities allows businesses to centralize data securely. Many cloud-based security updates will be automatic, ensuring tighter security than individual updates on separate machines. System administrators can oversee that updates are pushed to each user and that company data security policies are met.
4. Make Your Cloud a Fortress.
While some worry that off-site data storage is less secure, the reality is that most data compromise events actually come from within. According to Forrester Research, 25 percent of respondents who experienced security breaches say the data security issues were caused by insiders with malicious intent. An additional 36 percent of the respondents said that data security breaches were a result of employee mistakes. Quite simply stated, data protection is stronger with off-site cloud-based software and storage.
Paul Gillan, writing for CIO, explains, “Cloud service providers have little choice but to deliver world-class security. Without it they can’t compete for lucrative business from big customers in industries like financial services and healthcare.” Because of the scale cloud service providers work on, security investments are larger and more efficient than on-site secure data storage. Additionally, patches and updates are pushed out across users, ensuring updated security measures across both internal computers and mobile devices.
Cloud security comes from secure practices, secure servers and secure physical locations. Ensuring your cloud provider goes above and beyond best data protection practices, as well as seeing that your data is encrypted, ensures the most secure data possible.
Most employees whose jobs require access to company data use personal or mobile devices. And nearly 80 percent of people surveyed have worked remotely. Educating employees to be vigilant in data protection practices as well as identifying potential threats to secure data practices will increase your company’s data security. Avoiding sloppy password practices will also increase data security.
Providing controlled access and automatic security patches that update across all devices should be an essential part of secure data storage. System administrators need to act as the access and permissions gatekeepers in order to provide inherent data security. Overall, data kept in secure cloud storage locations has the advantage of being safeguarded by cloud companies who base their reputation on data security.