Employees Run Risks by Accessing Email and Shared Docs using Personal Devices
Feature: Page (1) of 1 - 08/22/18

By Tom DeSot, EVP and CIO of Digital Defense, Inc.

Employees continue to struggle to recognize security policies at their companies, according to a recent survey by Clutch. 1,000 full-time employees were surveyed about their IT security awareness and behavior. Here are some of the key findings:
  • 64% of employees use a company-approved device for work purposes
  • 40% have encountered regulations regarding the use of personal devices for work purposes 
  • Of those who use their personal devices at work, most (86%) use them for email. 67% use them for shared docs. 
So, what do these findings say to you about employee security practices/behavior? Because mobile devices are increasingly utilized for work, organizations must develop security regulations to ensure critical organizational data is not compromised. Email communications and access to company documents must be properly secured. Employees must realize that if they are utilizing a company mobile device, they are bound to security policies/practices and must acknowledge their responsibility for ensuring there is no risk of data compromise.

Employees still run risks by accessing email and shared docs using personal devices, even if they are company-approved. The risks are much the same as those for information accessible through a breach of a traditional device. Depending on the organization, the level of access granted to the employee, and the information available through email and corporate documentation, a cybercriminal could gain access to the following information:
  • Intellectual property
  • Corporate strategies
  • Financial information
  • Employee information such as Social Security numbers and data on salaries
  • Client information on consumers such as credit card numbers and sensitive personal data
Following are some suggestions to help ensure security among employees using personal devices for work.
  • Before enabling employee access to organizational data, the company should have in place policies surrounding mobile devices. Regular security awareness training on mobile device security should be conducted to assess employees' retention and adherence to policies.  
  • Provide clear guidance to employees on password development, such as the number of characters, utilization of password managers (i.e., password vaults) and the frequency of mandatory password changes.
  • Ensure employee mobile devices have encryption, GPS and remote data wiping capabilities enabled to protect against exposure in the event the mobile device is lost or stolen. Any such incident must be reported immediately to the department in charge of information security.
  • Employees must agree that they cannot allow any other individual, including coworkers, family members or friends, to access their phone if it contains corporate data (yes, this actually happens and poses a high risk for the exposure of sensitive data).
  • Since many Apps have not been developed with rigorous security and hackers are developing malicious Apps, a strong App policy should be developed and communicated.  Employees must know the company's policy on App Use and only load approved Apps.

Tom DeSot, EVP and CIO of Digital Defense, Inc.

As CIO, Tom is charged with key industry and market regulator relationships, public speaking initiatives, key integration and service partnerships, and regulatory compliance matters. Additionally, Tom serves as the company's internal auditor on security-related matters.

Prior to Digital Defense, Tom was Vice President of Information Systems for a mid-tier financial institution with responsibilities including information security initiatives, the Y2K program, implementation of home banking and bill pay products, the ATM/debit card program, and all ATM networking.

Tom holds a Master of Science degree in Information Technology with a concentration in Information Security from Southern New Hampshire University and a Bachelor of Arts in Applied Arts and Sciences from Texas State University (summa cum laude). He also holds the National Security Agency's INFOSEC Assessment Methodology Certification and is formally trained in the OCTAVE Risk Assessment Methodology.

Tom currently serves on the information security curriculum advisory panels for Texas A&M University-San Antonio and Hallmark University - San Antonio. He is an active member of the North San Antonio Chamber of Commerce IT Committee, and has delivered cyber-security and cyber-ethics presentations at the University of Texas at San Antonio.

Source:Digital Media Online. All Rights Reserved