Fears and deaf ears

Editorial Type: Comment | Date: 05-2015






Would you consider stripping your employees of company smart phones and memory sticks to protect your business from cyber attacks?

Their likely reaction scarcely bears thinking about. Yet this was one recent suggestion from GCHQ, the government's 'spy' centre, who referred to staff as the "weakest link in the security chain".

In the '10 Steps to Cyber Security' guidance issued by CESG (the information security arm of GCHQ) in conjunction with the Cabinet Office, Business Department and Centre for the Protection of National Infrastructure, employees are advised against using phones and laptops on anything other than "trusted wireless networks", while, if they must use public Wi-Fi, a special "private network" should be installed.

It's all a measure of the growing concerns in high places about the ways in which we expose our own safety, and that of our organisations, to cyber attacks. Phil Beckett, partner at Proven Legal Technologies, the corporate forensic investigation and e-disclosure experts, sums up the challenge: "Cyber attacks are not limited to large organisations and critical infrastructure companies; they actually pose a 'clear and present danger' to organisations of any shape or size. It is therefore crucial that companies tighten up their data security across the board, leaving no area of the business vulnerable to data loss."

The proliferation of Bring Your Own Device (BYOD) policies has resulted in potential risks to all businesses, as the segregation between business and personal data becomes more and more hazy, Beckett adds. As such, by inviting personal devices into the office – and then allowing them to leave again, often containing confidential information – firms may actually be compromising their intellectual property, as well as their security.

It's worth noting that this problem extends beyond smartphones to computers and other removable devices as well. As Beckett points out: "Data can be very promiscuous, in that it tends to associate itself with different devices in different formats. In order to protect IP and minimise fraud, businesses will need to implement rigorous policies on BYOD and managing corporate data, and carefully monitor all company devices and staff access to confidential information. Likewise, when a team member decides to move on, businesses must ensure that it is only the employee leaving and that no private data is following in his or her wake."

It all amounts to advice that has been 'out there' for some time now – and businesses ignore it at their peril. Many have already paid a heavy price for such reckless indifference. You are left wondering why this 'bury your head in the sand and hope it all goes away' attitude still persists, in the face of such persistent onslaughts from increasingly grateful – and successful – attackers. But persist it does and the high price that such an approach exacts will continue to be paid.

Brian Wall
Editor
Computing Security
brian.wall@btc.co.uk
