One of the biggest responsibilities of any IT department is to maintain a high level of security and ensure that the company’s data is properly protected. The dangers of breaches in security are very real and the effects can be crippling to a business. Many IT departments tend to direct their focus and attention towards external threats such as hackers. However, more and more companies are coming to the realization that internal sources, such as employees, may present the biggest security risks to the company. As technology continues to advance and the business landscape keeps evolving, IT departments are scrambling to keep up and protect their company and it is becoming clear that the best place for them to start is domestically within the company.
Dangers of a Security Breach
The threats and possible repercussions of a breach in security are the primary concerns of any company’s IT department. The damage that can be caused by these breaches can be devastating for a business of any size.
According to a study done by Scott & Scott LLP of over 700 businesses, 85% of respondents confirmed they had been the victims of a security breach. These types of breaches can be detrimental to a company in numerous ways. The most tangible damage caused by these breaches is the fines that are typically associated with them. The legal repercussions of a data breach, such as fines and lawsuits, can become costly in a hurry. Also, the loss in customer confidence is something that can continue to hurt business for years and something that some companies may never be able to overcome. Finally, if the compromised data from a security breach makes its way into the hands of a competitor it can be disastrous.
Employees Pose Largest Risk
To avoid the negative ramifications listed above, an IT department must first identify where potential risks for a breach exist. While outside sources like hackers do pose a threat, the biggest risk for a security breach to a company lies with its employees.
Unlike hackers, employees are granted access to important company data on a daily basis. This level of access to information is the reason employees represent such a large security risk. There are a number of ways and reasons that an employee can compromise the security of a company. For instance, disgruntled employees may intentionally try to leak information or a former employee could use their intimate knowledge of the company to attempt to breach security. However, the most common breaches happen when an employee either willingly ignores or fails to follow security protocols set forth by the IT department.
BYOD Increases Risk
The “bring your own device” or BYOD philosophy is one that is gaining momentum and popularity among many different industries. While this type of system has its benefits and can be a successful model for most companies, it unfortunately also increases the risk of data breach and makes it more difficult for a business to ensure its information is secure.
The main risk associated with BYOD is the danger of lost or stolen devices. This is one of the drawbacks of BYOD because although this allows for an employee to continue working while out of the office, it also means that valuable data leaves the office with them. Allowing employees to work from their personal devices drastically increases the risk of data breach as people take these types of devices everywhere with them. Devices such as phones or tablets can be more susceptible to loss or theft as they are smaller and easier to misplace.
Another problem with storing important data on these kinds of devices is that if they are lost or stolen, the level of security for these devices tends to be quite low. Many users do not even have a protective password on their phones or devices and those that do usually have a four digit sequence that does not provide much security.
The other issue with BYOD in regards to security is that third-parties can gain access to a device through mobile applications. This is a problem because the person who owns the device may be downloading apps infected with malware which can provide undesired third-parties access to your business’ sensitive information.
Ways to Protect Against Security Breaches Caused by Employees
Although there are numerous threats to security, especially with a BYOD model, associated with employee activity; there are a few different things that a company and their IT department can do to protect their valuable data.
The first thing to do is make sure that your employees are aware of these threats to security and the damage they can cause. As mentioned before, most breaches in security occur when an employee unwittingly compromises security because they have no idea that their actions are potentially dangerous.
Offering education and training programs to help employees familiarize themselves with security policies will make it easier for them to follow such policies. In the case of BYOD it may be necessary to include employees in the policy-making process. This will give them intimate knowledge of why the policies are in place and increase the likelihood that they will adhere to security protocols.
There are also apps available that can help separate the user’s personal life from business. These apps will help protect a company’s data from third-parties as they isolate information associated with business and deny third-party access from personal applications. A company may also elect to create a “blacklist” which informs employees of which apps to stay away from.
Due to their unparalleled access to company data and information, employees pose the biggest threat to security for an IT department. Employees often cause substantial damage to a company because they are careless or unaware of potential dangers. Although external hacking is always a threat and should not be ignored, the first place an IT department should start in regards to ensuring their company’s security is internally with its employees.
About The Author: Ilya Elbert is an experienced IT Support Specialist and Co-Owner of Geeks Mobile USA. When he’s not providing information on data security, he enjoys keeping up on the latest news and trends within the IT industry.