Security procedures are vital in many areas of every day life. Across the globe, busy airports ensure crew and passengers alike go through thorough and strict security checks. This may be time-consuming and inconvenient but is absolutely necessary to ensure passenger safety and the consequences of skipping such processes have the potential to be extremely dangerous. Similarly, when you log on to your online banking account, you may have to enter one or more security codes and PIN numbers to be granted access, which can be frustrating when you’re in a hurry but it is monumentally important to prevent your data getting into the hands of someone else. It’s evident that security procedures may seem inconvenient in consumer’s day-to-day lives, but how does this reflect into their professional world?
The sheer level of valuable and perhaps sensitive information a business holds means that the security measures organisations put in place are likely to be strict and sometimes time-intensive. In line with this, as employees increasingly access both company and personal data on the same devices, these processes need to be implemented in order to ensure employees at every level are doing all they can to keep company data secure. However, employees don’t particularly want to spend time going through such strict processes. So, what businesses need to consider is whether they are making security processes too complicated for employees to adhere to day-to-day?
Freedom vs. Security
Employees want the same freedom as consumers. They want to work from mobile devices, from anywhere, at any time. In the same breath however, they still need to do this at a level of security suitable for the business.
Consumers may have one password for all online accounts, just because it’s easier to remember. Or they may simply shun online services requiring two-factor authentication, such as online banking, as it takes too much time. The trouble is, if employees have this lax attitude to security on their work devices, they may be opening your business up to all sorts of risks.
BYOD and the ever-growing mobile office must become a top priority. The right employees must have access to the right sources at the right time, whether they’re on the move or in the office. This means that ensuring there is the correct access management strategy in place to cope with a mobile office is imperative.
The rise of the data breach
The consequences of employees being the weakest security link are becoming increasingly severe.
There have been many developments concerning the issue of data security over recent years. In fact, until recently, information management was something only larger businesses thought about. However, over the past twelve months in particular, the issue has been thrust to the front of all CIOs minds as attitudes towards data protection have changed.
The most recent update of the General Data Protection Regulations (GDPR), leading to the biggest overhaul of regulation in the last twenty years, coupled with several high-profile data breaches including those of Ashley Madison, Hilton Hotels and WHSmith, reinforces the fact that, with the ICO watching, businesses must be more prepared than ever to secure and protect sensitive information – and it doesn’t have to be too complicated either.
When staring down the barrel of a data breach, it isn’t necessarily the breach itself that could upend a business. Now, with these new measures in place, it’s the possibility of being fined up to four per cent of global turnover by the ICO, as well as the almost guaranteed negative press coverage hitting a company’s reputation, thus damaging its relationship with its customers. These risks aren’t something that enterprises should be taking lightly.
Streamlined, simple and secure
Employees are still the weakest link when it comes to information management, so rather than implementing complex security measures that discourage workers, security needs to be as user friendly as possible. For example, advising employees to use stronger passwords and change them more frequently does not solve the problem and may not be physically possible when employees have five or more passwords. Organisations need to adopt a solution that completely removes the majority of user function – not doing so encourages employees’ to get around processes and put your organisation at risk.
Companies with data in the cloud should implement an IAM solution as soon as possible in order to get access under control and ensure employees aren’t discouraged by complex security measures.
Forrester Research estimates this type of solution will reduce your organisations threat surface by 75 per cent[1]. A solution such as this allows employees to easily access apps and programmes whilst keeping business data secure, it removes the human error element and is quicker and more convenient for employees to adhere to.
Another simple way to address the issue of security within an organisation is to teach staff about the security issues that face the business. By being more aware of the potential threats, staff are more likely to take security procedures seriously and perhaps notice if something doesn’t seem secure.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.