Information security often seems to be an internal battleground, with the organization attempting to impose ever more restrictive security and employees continually looking for ways round it to make their jobs easier and more productive. Per Stritich explains why this situation occurs and what to do about it.
Security procedures are vital in many areas of everyday life. Across the globe, busy airports ensure crew and passengers alike go through thorough and strict security checks. This may be time-consuming and inconvenient, but it is absolutely necessary to ensure passenger safety, and the consequences of skipping such processes have the potential to be extremely dangerous. Similarly, when you log on to your online banking account, you may have to enter one or more security codes and PINs to be granted access, which can be frustrating when you’re in a hurry, but it is monumentally important to prevent your data getting into the hands of someone else. It’s evident that security procedures may seem inconvenient in consumers’ day-to-day lives, but how does this carry over into their professional world?
The sheer level of valuable and perhaps sensitive information a business holds means that the security measures that organizations put in place are likely to be strict and sometimes time-intensive. In line with this, as employees increasingly access both company and personal data on the same devices, these processes need to be implemented in order to ensure employees at every level are doing all they can to keep company data secure. However, employees don’t particularly want to spend time going through such strict processes. So, what businesses need to consider is whether they are making security processes too complicated for employees to adhere to day to day.
Freedom vs. security
Employees want the same freedom as consumers. They want to work from mobile devices, from anywhere, at any time. At the same time, however, they still need to do this at a level of security suitable for the business.
Consumers may have one password for all online accounts, just because it’s easier to remember. Or they may simply shun online services requiring two-factor authentication, such as online banking, as it takes too much time. The trouble is, if employees have this lax attitude to security on their work devices, they may be opening your business up to all sorts of risks.
BYOD and the ever-growing mobile office must become a top priority. The right employees must have access to the right sources at the right time, whether they’re on the move or in the office. This means that ensuring there is the correct access management strategy in place to cope with a mobile office is imperative.
The rise of the data breach
The consequences of employees being the weakest security link are becoming increasingly severe. There have been many developments concerning the issue of data security over recent years. In fact, until recently, information management was something only larger businesses thought about. However, over the past twelve months in particular, the issue has been thrust to the front of all CIOs’ minds as attitudes towards data protection have changed.
The European General Data Protection Regulation (GDPR), the biggest overhaul of regulation in the last twenty years, coupled with several high-profile data breaches, reinforces the fact that businesses must be more prepared than ever to secure and protect sensitive information – and it doesn’t have to be too complicated either.
When staring down the barrel of a data breach, it isn’t necessarily the breach itself that could upend a business. Now, with the new GDPR measures, it’s the possibility of being fined up to four percent of global turnover, as well as the almost guaranteed negative press coverage hitting a company’s reputation, thus damaging its relationship with its customers. These risks aren’t something that enterprises should be taking lightly.
Streamlined, simple and secure
Employees are still the weakest link when it comes to information management, so rather than implementing complex security measures that discourage workers, security needs to be as user-friendly as possible. For example, advising employees to use stronger passwords and change them more frequently does not solve the problem and may not be physically possible when employees have five or more passwords. Organizations need to adopt a solution that completely removes the majority of user function – not doing so encourages employees to get around processes and puts your organization at risk.
Companies with data in the cloud should implement an identity and access management (IAM) solution as soon as possible in order to get access under control and ensure employees aren’t discouraged by complex security measures.
Forrester Research estimates this type of solution will reduce your organization’s threat surface by 75 percent. A solution such as this allows employees to easily access apps and programmes whilst keeping business data secure; it removes the human error element and is quicker and more convenient for employees to adhere to.
Another simple way to address the issue of security within an organization is to teach staff about the security issues that face the business. By being more aware of the potential threats, staff are more likely to take security procedures seriously and perhaps notice if something doesn’t seem secure.
Per Stritich is vice president EMEA of OneLogin.