Almost 95% of IT security breaches can be attributed to some kind of human error. They say “to err is human,” and this definitely holds true for IT security. The rise of mobility, of laptops, smartphones and tablets, has resulted in a mobile workforce that introduces new data security challenges. A current area of concern is the use of mobile devices when traveling, which increases data risk even at the best of times and is now further amplified by new research indicating the insecurity of hotel WiFi.
Employees Put Data At Risk
In our Mobile Enterprise Risk Survey, we found that data security was being hampered by employees who accurately value neither the corporate data on their devices nor their role in protecting this data. The survey showed that 23% of the respondents believe that data security is “not their responsibility.” In reality, employee actions have the
Corporate data is constantly at risk on mobile devices; devices are routinely lost or stolen, employees use public WiFi, click on phishing links, bypass encryption, download unapproved apps or share the same password across corporate and personal services. There is a lot of “mobile mischief” going on that puts corporate data at risk, so organizations need to look at how to manage the use of devices, and educate staff, to avoid a costly data breach.
Business Travel Puts Data at Risk
The FTC released an alert earlier this year warning travelers of the risks associated with hotel Wi-Fi, and a new report from Cylance suggests that 8 out of the top 10 hotel chains have vulnerable routers. Hackers are using security vulnerabilities in hotel WiFi to steal people’s passwords and other sensitive information, all of which could be used toward a subsequent attack against a corporate network. Earlier this year, we discussed the rise of a more targeted attack on business travelers through WiFi, targeting the laptops, phones and BYOD devices of executives as a prelude to corporate cyberattack.
What can IT do to protect devices in these situations?
- Implement Formal Employee Policies – education and training can prevent some breaches or help organizations address potential breach situations more quickly. IT infrastructure can ensure employees stay on the straight and narrow. BYOD, MDM, and general use policies will provide staff with clear expectations and steps to follow when it comes to using devices that access the corporate network or what to do if a device is at risk, including freezing a device or wiping it clean. The use of a Device Freeze Policy in Absolute Data & Device Security (DDS) can help IT monitor for suspicious activity and help avoid potential breach situations.
- Encrypt Data – this is your “front line” of defense, but you must be able to prove encryption was in place and working in order to satisfy compliance auditors. Encryption is not infallible, so this next point is important:
- Take a Layered Approach to Data Security – on networks, endpoints and corporate data. The more layers of defense you have, the better.
With the proper training and IT support, backed with Persistence technology, organizations can make strides to offset the kinds of employee behaviour that put corporate data at risk.