Security isn't just
the locks on the doors. Part of it can also be having the proper
policies, procedures and processes in place.
For companies,
security should be something that is continually thought about and
enhanced. When a security feature is put into place it must be
maintained and not forgotten about. In so many cases a security
feature needs to be continually updated due to the every changing
environment. Something else to consider is, has a security feature
been “temporarily” turned off when fixing another issue and not
been turned back on.
Here is something
that really needs to be thought about. Think about the whole BYOD
(bring your own device) situation for companies. Is the BYOD
something your company has thought about or is dong? BYOD isn't just
the tablets and smart-phones, it is also the external hard-drives,
usb keys, flash drives and laptops.
If you are
considering changing from company issues devices to employee owned
devices you might want to think about some of these points:
-
Ownership of the device and do you have the legal right to access the data on it?
-
The actual management of the data on the device and who is responsible for backing up the data, it should be the responsibility of the owner of the device.
-
When do staff have access to the corporate data and what data is available to each person.
-
What data can be saved to the personal devices and taken off-site.
-
Are there policies about BYOD, usage, backing up data, etc.
-
Are there standard devices or can you bring in whatever you want.
-
Who manages the devices, if not corporate property it should be the corporate staff that is responsible.
-
If a BYOD device is infected and is plugged into the corporate network it then infects the corporate network. The infection is now the corporate IT's staff problem.
-
The devices need to be updated and patched on a regular basis. Who is responsible for that?
These are just a few
of the points that need to be thought about when deciding to
implement the whole BYOD idea for a company. So, when you think
about the whole BYOD program, think about all the hidden costs to the
business. Are these costs something that a business wants to incur
or is it something that could be avoided with the right equipment,
policies and procedures.
It has actually been
shown that it is cheaper to issue corporate devices than to try and
maintain the BYOD items. This is is true when the company issues a
list of standard supported devices because of all the other issues
that can happen.
Security for a
business will be an ever growing thing. Do you want some of the
risks that BYOD can bring to your business? By having the necessary
equipment provided from within you can eliminate some of these hidden
risks and unknown costs.
Security can be
summed up this way “Security is not having to say I'm Sorry”.
No comments:
Post a Comment