Security isn't just the locks on the doors. Part of it can also be having the proper policies, procedures and processes in place.
For companies, security should be something that is continually thought about and enhanced. When a security feature is put into place it must be maintained and not forgotten about. In so many cases a security feature needs to be continually updated due to the every changing environment. Something else to consider is, has a security feature been “temporarily” turned off when fixing another issue and not been turned back on.
Here is something that really needs to be thought about. Think about the whole BYOD (bring your own device) situation for companies. Is the BYOD something your company has thought about or is dong? BYOD isn't just the tablets and smart-phones, it is also the external hard-drives, usb keys, flash drives and laptops.
If you are considering changing from company issues devices to employee owned devices you might want to think about some of these points:
Ownership of the device and do you have the legal right to access the data on it?
The actual management of the data on the device and who is responsible for backing up the data, it should be the responsibility of the owner of the device.
When do staff have access to the corporate data and what data is available to each person.
What data can be saved to the personal devices and taken off-site.
Are there policies about BYOD, usage, backing up data, etc.
Are there standard devices or can you bring in whatever you want.
Who manages the devices, if not corporate property it should be the corporate staff that is responsible.
If a BYOD device is infected and is plugged into the corporate network it then infects the corporate network. The infection is now the corporate IT's staff problem.
The devices need to be updated and patched on a regular basis. Who is responsible for that?
These are just a few of the points that need to be thought about when deciding to implement the whole BYOD idea for a company. So, when you think about the whole BYOD program, think about all the hidden costs to the business. Are these costs something that a business wants to incur or is it something that could be avoided with the right equipment, policies and procedures.
It has actually been shown that it is cheaper to issue corporate devices than to try and maintain the BYOD items. This is is true when the company issues a list of standard supported devices because of all the other issues that can happen.
Security for a business will be an ever growing thing. Do you want some of the risks that BYOD can bring to your business? By having the necessary equipment provided from within you can eliminate some of these hidden risks and unknown costs.
Security can be summed up this way “Security is not having to say I'm Sorry”.
Post a Comment