Overcoming the human risk factor
When thinking about cybersecurity, it’s common for companies to default to conversations about just the technology or people. Many have purchased and implemented bespoke software to try to prevent hacks; tools for threat and compliance monitoring; and VPNs to address trends such as BYOD and cloud-based working.
This approach is necessary and admirable — when fighting a cyber war, it makes sense to engage in the same battlespace. There are many sophisticated strategic technologies on the market built to help keep an organisation’s IP secure, and their implementation is a vital part of any security strategy.
However, one of the biggest threats to digital safety is to be found offline. In a recent think tank hosted by BlackBerry, security experts and business leaders gathered together to discuss the security challenges that Australia and our global neighbours are currently facing, and how best to combat them. A common theme was the human factor. Almost every member of the think tank was able to provide extensive examples of how people could unravel even the most well-thought-through security strategy.
One of the challenges identified was that security was often perceived as a barrier to productivity, rather than a critical safeguard. Many employees feel that security is linked to sluggish performance, barriers to success and red tape. A recent BlackBerry security survey found that 82% of global executives felt that security precautions, specifically in mobile working, caused at least some frustration amongst their employees. Incredibly, 44% of employees felt too much security could stop them from doing their job altogether.
Due to this negative thinking, companies are highly aware of employees circumventing security measures. Telsyte’s research into mobile working practices found that 62% of Australian businesses are worried about the risks of errant employees storing sensitive information on cloud services.
This perception is unthinkably damaging. The logical (but irresponsible) response for many is to remove these barriers; if not, the bottom line can be negatively affected. But this approach can be disastrous, as these companies leave themselves vulnerable to attack, which could in turn have far greater consequences for the brand.
A better approach would be to deploy security solutions that better match existing employee behaviours — an attitude which seems to be resonating with Australian businesses. For example, rather than forcing employees to use company-provided storage, 75% of companies within Telsyte’s Enterprise Mobility survey said they were working towards delivering an enterprise-grade file sharing service to accommodate both employee workflow and company needs.
However, a set-and-forget model, no matter how well it is researched or intentioned, will not provide long-term success.
I’ve come across companies that place significant focus on the internal communication of security initiatives. By choosing solutions that empower the workflow but at the same time come with the right level of security — tightly integrated and transparent to the end user — these organisations are able to march towards their business goals without having to live with a high level of risk. Invariably they are the ones that have the most successful security measures in place without compromising productivity — as the employees are fully behind the purpose.
On the other hand, as one of our large healthcare customers has discovered, when there are two owners of data on a BYOD device, organisations must differentiate between work and personal perimeters. Treating such devices as a single security perimeter with a common MDM control has caused tremendous issues for them, both in terms of productivity and user satisfaction.
By first assessing behaviours in your organisation, then creating procedures around this that are better communicated back to the business, you can combat this negative view of security procedures. In doing so, you can protect, not hinder, the productivity of the organisation — the aim of us all.