Trend Micro has released another attention-grabbing video tutorial on mobile and smartphone security in the workplace.
Some of the scenarios it demos are really very frightening (from a corporate perspective) and if I ran a company, no matter what the size, it’d probably have me tapping out an email straight away to our head of IT about tightening the control on staff use of mobile devices. However, the real issue is bigger than just control.
I think companies should be asking themselves how they can secure their business from threatening access via devices, rather than how they can control the devices themselves.
Devices are often owned by the employees, not the company, but the majority of those devices will have “guest” internet and LAN access. This means that the organisation is legally unable to secure & control those devices, because a company cannot enforce security and control software upon devices which it does not own. Yet, its data could be at great risk and if devices are compromised, the scenario demonstrated in the video above will become a reality.
The Infographic (pictured right) is created by one of our vendor partners, Trend Micro. It suggests (putting it bluntly) that employees can take much of the blame for data protection breaches. 78 per cent of organisations have suffered from at least one data breach over the past two-years, but only 8 per cent cited external attacks as the main reason. Loss of laptops and other mobile devices is the biggest failing. It looks like us employees could be responsible!
Bring Your Own Device (BYOD) is rather under rated on this Infographic. It only makes number 10 on the riskiest employee practices list. However, I think the risk could be much higher, especially in SMBs. Using the right software, large businesses, which have their own “fleets of IT” can control device access, website access, data encryption, applications, and in the event of device loss, remotely wipe data too. SMBs by contrast rarely provide staff with devices for work use, but still need to protect (but probably don’t) corporate data held or accessed (intentionally or by accident) using an employee’s own device.
Legislation will only increase
Personally, I don’t think individuals are all entirely to blame. They may lose the devices or cause the data breach, but SMB owners also need to take data protection more seriously. For one thing, legislation in this area will only increase. It is interesting that the research behind the infographic suggests only 43 per cent of organisations protect sensitive information with data protection technology. I should imagine in SMBs that figure is much lower.
Consultancy first, product sell second
The Infographic really highlights some sweeping trends, but for me the biggest point on data protection is that every company is different; every company operates with different levels of protection sophistication. The biggest opportunities for resellers right now – with support from consultancy-led distributors and vendors - is to sell consultancy services to end-user customers. Consultancy first, product sell second. Resellers should now be working with business owners to provide security audits, to really understand how their businesses operate and then to help them find the security holes. In many cases, owners simply don’t realise they have a security hole!