Onshore Blog

Information Security in the Age of BYOD

Posted by Scott Janovitz Jun 8, 2017 1:20:14 PM

Your company’s data is probably one of its biggest assets and probably one of its biggest liabilities. I don’t need to tell you this. Our social media feeds are filled with stories about data breaches, ransomware attacks, phishing scams or some other sort of attempt at mass identity fraud via system vulnerabilities. In a world dependent on electronic systems and practically shaped by the 24-hour news cycle, there is no forgiveness for any error in data security. The loss of any sensitive information can be a huge black eye and cost your business the trust of customers, stockholders… even your own employees. And there are very few protective layers between your data and the bad guys.

Security vs. Mobility

When thinking about information security, the first idea that comes to mind is the protection of information, whether it’s stored onsite or in the cloud. In our mobile-obsessed, BYOD, never-off, remote-worker culture, it’s more important than ever that all computer systems are safe and act exactly as expected. It’s expected that the information entrusted to you and stored in your system will remain stored and intact in the appropriate place, available at any moment, from anywhere and, of course, without unauthorized persons having access to it.

Your first instinct may be to lock down all information like Fort Knox. But security that is too strict or too broad can cost you speed through the bureaucratization of processes and result in customer frustration. Plus, there are significant advantages to being flexible with IT policies like BYOD. In adopting robust information security policies, it’s key to recognize that zero risk doesn’t exist. Instead, there should be several levels of security in place, each appropriately secured according to the sensitivity of the information and the nature of your company’s business.

Strategies for Corporate Information Security

From anyone on the Fortune 500 list to your dry cleaner, we all must be vigilant in the protection of information. For most, it’s an absolute must that there be efficient and transparent management of information security, with policies that are in tune with the reality of business.

To ensure the security of any company’s data, there must be clear rules and procedures, and all of the company’s users must follow them. The greatest difficulty for large organizations is ensuring that all their employees know and follow safety standards and policies correctly, and understand their importance.

It’s important to set norms and rules early with regard to the regulation of company systems. This includes policy surrounding access to social networks and personal e-mail on company equipment, or the use of personal devices for work-related tasks and communications. You should also use this opportunity to disclose any activity monitoring on your systems. It may be convenient to combine this security policy with the employee's employment contract or handbook. Everyone must take a role in information guardianship; after all, you’re holding some of their vital information as well!

Better Now than Too Late

Waiting until an incident occurs will have an almost irreversible impact. As we all know, it’s usually easier to prevent an injury than to cure it. Information security, then, should not be seen as an expense, but rather as a mandatory investment. When seeking executive buy-in for new security processes, watch out for red tape, other company priorities cutting ahead of the line, or deadline push-backs. Any one of these factors can derail your efforts in adopting appropriate security measures, so be well-prepared to defend your arguments.