In today's fast-paced world of meeting and deadlines - not to mention the multitude of kid soccer games and other activities - most of us work long after the close of business. Sometimes it’s out of necessity (your In-box rivals the tallest peak of Mt. Everest) and sometimes it’s just because (can anyone say peace and quiet?!). Oh by the way, if you are looking at work emails after 5pm, you are working. Whether working past 5pm is a good strategy (or even productive) is a discussion for another day. Today, however, the real issue and concern is the risk behind how we access data after hours.
Businesses are in such a hurry to get work done that most do not stop to take into account the serious security risks and exposures associated with making information available outside of the corporate network. Data is the life blood of a business - be it intellectual property, product design, financials, marketing information, process documents, employee and customer records....I can go on but you get the drift. Whatever your business creates, you can bet that there is critical data floating out there somewhere.
As an over-achieving work culture we have eclipsed the 8 hour work day, looking at emails, responding, sending files, and using smartphones, tablets, laptops, and desktops at home to get it done. The issue we come across all too often is that companies have no control over these devices, even company owned laptops that have been provided to employees. These devices house corporate information but no mechanism to encrypt, delete, track or wipe the device should it be stolen, misplaced or not returned by an employee that is no longer working for the company.
The truth of the matter is that most businesses lack basic policies and management protocols when it comes to corporate data leaving the network.
Here are the most common findings Kobargo has uncovered when performing our Top-Rated Risk Assessment:
- No Data Loss Prevention (DLP) security layer. Establish data loss protection controls that define what information cannot leave the network in any way, shape or form.
- NO BYOD policy for using personal devices to access corporate data. The business must be clear on what devices can be used to access corporate data and provide the proper tools for accessing corporate data such as VPN, disk encryption, and device tracking.
- NO (or incomplete or not disseminated) acceptable use policies for Internet, email and file sharing. AUP are a necessity for any business to not only clearly define its use policies to employees and customers but also to protect itself from litigation.
- NO Mobile device management of phones, tablets, and laptops. No control means you don't know where your data is, period.
- NO application use restrictions (BYOA) and no insight into applications being used on BYOD accessing corporate data. Be clear on which applications can be used to share files - sometimes files are too big to send via email so users send it the most convenient way they know, a free, unencrypted file sharing app. That's a big no-no.
- NO continuing education of employees about appropriate handling of data and ongoing security threats. This stuff is not intuitive and employees don’t know the inherent security threats associated with passing data through unsecured devices or applications.
As more companies realize the value of their data, they also start to realize that they have no control over it once it leaves the network. In a drive towards expediency companies are sacrificing security and exposing the business to serious risk, and, the inability to provide application use controls and device management will lead to lost and stolen data. The question is, will you even know?
Kobargo provides Mobile Device Management as part of our Managed Services. Ask Kobargo how we can help.