Forrester shows that Europeans are now more connected than ever before, with most owning two or more connected devices. As the use of personal devices in the workplace continues to rise, employee education will become key.
Many habits developed in personal device use are a liability for enterprises, so employees need to understand the importance of keeping data secure. They are the biggest security threat in terms of data leakage. The fact that Dropbox is currently used in 95 per cent of Fortune 500 companies means that at present, a huge amount of corporate data is vulnerable.
Unfortunately for the CIO, it is not as easy as just implementing a secure mobility solution to keep data secure. As well as implementing a technological change, companies need to roll out a cultural change within the workplace.
Employees must have a better awareness of whether corporate data is secure or not. One of the greatest issues that organisations have to tackle is employees who send sensitive corporate documents to a personal email account. Once a document has been ‘leaked’, it is no longer under the control of the organisation, therefore its security can no longer be monitored.
Dropbox is a huge bugbear for corporate IT departments because it takes cloud storage and file synchronisation outside the enterprise. It’s convenient for employees, but Dropbox has had a number of high profile data breaches. These include issues in 2012, where stolen passwords were used to sign in to a number of Dropbox accounts, or in 2011 when Dropbox switched off the password function for a number of hours, leaving all of the data stored totally unprotected.
However, despite these high profile breaches, people continue to use the service to store sensitive data. Recent research by Spiceworks Research has found that 40 per cent of IT professionals use Dropbox, or are planning to use Dropbox as the approved file sharing vendor for their company.
IBM has recently banned Dropbox, iCloud and the practice of employees forwarding corporate emails to their personal email accounts. The reason for this was that it found that its workforce had a tremendous lack of awareness of what actually constituted a risk.
The top three reasons employees become security risks are:
- Use of unauthorised programs on corporate devices or hardware
- Transferring files between work and personal computers for working from home
- Password misuse – either sharing passwords, or using the same password for corporate and personal programs
People will always find a way to use the device or application that they want, regardless of the security consequences. For this reason, they must be educated in using technology in a new way that also ensures data security.
Some concessions are needed by the enterprise, of course. Familiarity – with the device and apps – is vital and supports the education on safe data and information security practices. If employees are offered a better user experience in a secure way, then they are less inclined to find ‘work-arounds’ anyway. Combined with security guidelines, enterprises can establish secure mobility without exerting heavy controls.
A containerised approach to secure mobility takes away many of the opportunities for data leakage. Employees can make the most of a device in their personal time and no matter what they do with, the highly sensitive corporate data will stay securely containerised within the device.
To extend our example for file-sharing, Box has a secured app on the Good Dynamics platform. This is held in a secure container, to prevent data leakage, but gives the same any time, anywhere accessibility.
To make the most of this strategy, employees need to be enthusiastic about it. Usability and behavioural education will help get this buy-in.