Sales, expenses, growth, and customers are all topics pushing IT security down in priority. But, as companies work to build a customer base, consider the potential damage to these areas if customer trust is lost in the wake of a data breach. Security is, if anything, more crucial for growing businesses that cannot weather the resulting customer erosion.
Internal risks in security often come from the weakest link – employees. According to Forrester Research, insiders are the most common source of breaches with 36 percent resulting from inadvertent misuse of data by employees.
The same tech trends amplifying these mistakes also provide significant cost benefits for the business. These trends include the consumerization of IT, cloud adoption, and bring your own IT (BYOIT), which has moved employee-owned devices and dictated cloud-delivered SaaS applications into the workplace. How do businesses reap the benefits without the risk? Embrace these trends as part of the organization’s security strategy, securing both the business’s data and customer trust. Here are five key steps for building a security strategy.
Employees are the front line of any organization and the gateway for much of the corporate data – they create, access, and transact it daily. Those same employees are also consumers – they bring their own devices, cloud applications, and security habits to work, leaving the business’s data at the mercy of employee behavior. With breaches on the upswing, companies can’t afford to leave employees ignorant of security best practices.
When an employee’s personal accounts are breached, it creates a potential entry point into a business. By helping employees secure both personal and work lives, businesses mitigate risk.
Train employees on the cybercriminal tactics used to breach accounts. Helping employees understand both the business and personal risks gains buy-in and facilitates security training. Either web-based platforms or consultants create awareness and foster behavior change in employees to build a culture of data security.
Employee identities are the keys to the internal operations of a business, and in the tech world, employee identities translate into logins: usernames and passwords. Identities are the key to a company’s network and cloud resources that ultimately house customer data. eBay’s recent breach of employee logins demonstrates this can mean the compromise of customer records, 145 million in its case. Much of business today is done in the cloud, and the more cloud resources a business relies on, the greater the risk of stolen logins. Due to the epidemic of reused logins, a login stolen in one location can unlock others.
It’s essential these identities and corresponding logins be managed centrally for visibility into cloud resources that serve as potential business data repositories. Identity and Access Management (IAM) solutions enable businesses to manage and secure employees’ logins used to access resources, allowing companies to track who has access to what, when. Cloud applications have evolved IAM to the cloud, making solutions more affordable and convenient to manage and access.
Security theater is alive and well. The majority of vendors claim to have strict privacy policies and secure services. Decision makers must ask potential vendors where data will be stored, who will have access to it, physical and network security standards, and breach notification policies. Perform due diligence on applications employees use on behalf of the business. Cloud resources are chosen for their utility and convenience, but where and how the data is being managed is the key. Ignorance is not bliss – it’s a liability.
Assess a vendor’s reputation before entrusting the company identities and data:
The key to security adoption is convenience. Security policies and tools that are confusing, time-intensive, or support limited devices fail quickly. Why? People simply won’t use them if processes impede day-to-day productivity. The cloud and BYOIT give workarounds for security and the ability to choose individual IT tools. Chances are these shortcuts are short on security, too. Curate policies and tools for employees that meet the need for convenience.
If people are using an application that hasn’t been approved, find out why they need it and whether it’s up to the organization’s standards. Rather than the company banning the application, offer a secure alternative. Make it easy for people to find the curated applications and to follow security guidelines. Convenience trumps security.
5. Embrace Bring Your Own IT (BYOIT)
BYOIT brings great value for growing businesses, namely reduced costs, but while it’s a win for the bottom line, it presents a major hole in the business’s security strategy. Employee-owned devices and applications transact the business’s data, presenting big risks for the company through negligence or theft. Significantly reduce security risks by enrolling BYOIT users into a defined, sustainable security program that secures access to company data.
Eliminate heartache before it hits by addressing security risks to business resources and data. A simple security strategy built around business processes will reduce the risk of loss resulting from a security breach, while setting employees up for productivity and the company for undisrupted growth.
Tom Smith is VP of Business Development & Strategy for Austin-based CloudEntr at Gemalto, a solution enabling businesses to securely manage access to data and cloud applications. A high-tech veteran with 30+ years of experience in cloud and security, Tom has served as CEO at two tech startups: IronStratus and Countermind. www.cloudentr.com.