The Next Way Hackers Will Try to Steal Your Data
Bring your own device (BYOD), is the next wave in workplace computing. Tablets, phablets (phone plus tablet), smart phones, and other new devices provide your employees a wide array of new capabilities and the opportunity to efficiently collaborate and share information. The BYOD wave has expanded to include software and services that provide cloud based services like SkyDrive and DropBox for storage and sharing, and Google Docs for collaboration.
It makes financial sense. It increases employee satisfaction and productivity; however, can BYOD make your business a target for hackers? Along with BYOD come numerous security issues that can include loss of confidential and proprietary information by virtue of unsanctioned files being copied off your network and new avenues for hackers to access your data. It is easy to see how compromises to your information security could dramatically impact the value of your business.
Secure Your Employee 'BYODs'
Recently, there have been a number high profile incidents reported where hackers were able to gain access to highly sensitive customer information. Though unclear if BYOD was the culprit, it is clear that every time a company loses control of its information security it impacts online and, in some cases, store-front sales. These events also undermine consumer confidence. Whether you are the CEO of a major retail outlet or a growing middle market company, when sales and consumer/customer confidence both drop, it significantly impacts company value.
As the VP of the IT practice at an investment bank, I see business owners struggle with company valuations every day. Based upon their historical experience, these seasoned entrepreneurs know how the loss of a specific customer or the signing of a new contract alters their valuation positively or negatively. Yet, few think about how losing control of critical or sensitive data would impact that same valuation.
A good first step is to employ BYOD policies. Most businesses have some controls in place to protect the information residing on their servers and employee PC’s. These include active directory permissions for folders on shared drives, policies for documents on SharePoint, and in some cases entire document management software suites. However, once a file is moved from the network to an individual device or non-corporate cloud service, the security of that information becomes totally dependent on the security of that device or service.
BYOD highlights the difference between company owned PCs, which are integrated into the overall information security plan, and employee owned devices that can operate outside of that security plan. Hackers look for the easiest point of entry, employee devices can provide the perfect weak spot hackers need to access your valuable data.
And BYOD security goes beyond outside hackers. What about your own employees? If a member of your team, who has access to sensitive company data, leaves the company? How do you protect yourself? In the BYOD world, all your corporate data could still be on the former employee’s device or in their individual online storage account. Possible solutions include software packages that include mobile device management, which can monitor employee owned tablets and smartphones and delete sensitive company data from these devices when the employee leaves the company. This is a great start and should be part of any company’s overall information security plan.
However, you’re not done yet. These systems do not deal with cloud storage accounts or even a simple thumb drive that could contain gigabytes of your data. Remember that it’s your data make sure you have a plan to protect it. The value of your company rests upon your ability to protect the information you have been entrusted with. Ensure you have the policies and systems
David Raucher is an IT executive with expertise in building and implementing critical networks and overseeing operations 24x7 with 99.99 percent uptime. His expertise includes networking, ERP, CRM systems, websites, desktop support, software development, and data center operations.