When the “bring your own device” (BYOD) trend first emerged, many companies were uncertain how to handle data security and ensure their data wasn’t compromised or put in the wrong hands. Today, CIOs and CISOs are well aware that BYOD is one of the biggest threats to enterprise data security. Employees bring their cell phones, iPads and laptops to the office and use them for personal and corporate purposes. Adding unsecured devices such as these to the IT ecosystem threatens the company’s network and could lead to compromised data.
Nearly 70 percent of security professionals say losing company or client data is their biggest BYOD security concern. In particular, when employees are fired or leave a company, deleting corporate data on their personal devices is the last thing on their minds as they’re on their way out the door. They often end up bringing company data with them on their personal iPads and smartphones. Or worse — they delete all of their email, customer information and corporate files. As a result, the company either feels in jeopardy of having the employee share sensitive data or feels at risk of losing important company information. As an IT manager for many enterprises, I’ve seen both of these scenarios harm companies and their customers just as much as invasive ransomware such as Cryptolocker.
Not long ago, one of my customers was the target of Cryptolocker via malware that got onto the system through a phishing email. This attack exposed confidential data, including customer Social Security numbers and corporate business plans, and blocked employees from accessing any data. Employees were locked out of files on the corporate network and in Dropbox accounts. Since the firm hadn’t properly backed up its data, it suffered huge financial losses and reputational harm. Within a year, the company went out of business. While this can happen to anyone, companies without concrete BYOD policies have a significantly higher risk of falling victim to ransomware, as IT managers cannot monitor data and apps used across devices.
In either case, whether protecting against BYOD risks or ransomware, endpoint backup is the only solution to monitor data consumption trends, restore data and proactively protect against devices being compromised. (At Peterbilt, we use CrashPlan from Code42.)
BYOD and mobile threats are exacerbated by the increased use of public clouds. Unfortunately, 67 percent of organizations don’t have a policy in place around public clouds and 80 percent haven’t trained employees how to properly use the platforms. Employees move sensitive customer and corporate data to their personal cloud accounts so they can easily access the information from home. They simply think about how they can work most productively without considering the need to put proper security measures in place, and since the data is in a personal account, IT no longer has control of it. Cloud storage services typically lack the security options that enterprises need, including strong password requirements and strong encryption.
Unfortunately, when data is compromised, companies often experience huge financial losses and reputational harm that lead the company to go out of business, as in the example mentioned above. The average loss in brand value following a breach is $184 million to $330 million, depending on the severity of the breach. A good endpoint security policy that’s proactive rather than reactive mitigates the risk of losing data. Here are four tips to keep enterprise endpoint data secure:
1. Write — and continually update — a carefully worded BYOD policy that covers authentication and types of data storage. As more devices, technologies and tools enter the market, it’s important to revise your policy to incorporate those.
2. Outline data security requirements for personal cloud accounts. Ideally, restrict use of personal cloud accounts for corporate purposes, but if that’s not an option, at least mitigate the risk of data being compromised.
3. Practice restoring files on a monthly basis to make sure your disaster recovery policy and plan are sound. Also make sure that employees other than the CISO or CIO know how to restore the files, in case the CISO or CIO is out of the office when data is compromised.
4. Require strong passwords. Consider making two-step verification mandatory as an added layer of security in case an employee’s device lands in the wrong person’s hands.
A good backup and endpoint solution is more than an emergency plan; it’s security against the financial and reputational damage that can threaten a company’s existence when data is compromised.