If you are responsible for managing risks in your organization, you know that any unforeseen incident can endanger the assets and earning capacity of a business. While it’s clearly important to have a solid insurance program in place, a comprehensive risk control plan is equally important.
As the concept of Bring Your Own Device (BYOD) enjoys growing popularity amongst businesses, many employees are celebrating their newfound freedom to access data on the go, beyond the confines of the cubicle. By using the BYOD concept, companies are enjoying reduced costs in the form of fewer expensive hardware configurations and are seeing the benefits of having a growing mobile workforce. However, what these firms did not anticipate was the growing possibility of data security breaches.
Hackers can breach company networks using linked applications, such as a company’s email account, to access, extract and erase sensitive data. By accessing social media and personal email accounts, hackers easily obtain the information they need to wreak havoc.
In addition to securing a solid corporate insurance program for your organization, there are five things your company can do to overcome these security risks with BYOD. Jeff Stark, CPA, describes the following measures to help prevent a data security nightmare.
Identification of weaknesses and risk assessments. Sensitive data can’t be protected if it is not identified. As a result, Stark recommends that you begin by educating users on which data is confidential. It’s also important to follow up with assessments of your firm’s physical and network security. The rule of thumb is that if there is easy remote access to data storage sites from mobile devices, then effective network security is not sufficient. One measure is to ensure a password policy consisting of minimum character lengths, special characters, and changes to the password on a regular basis. Remember to have your IT department insist that employees not write down their frequently changing passwords and leave them in plain sight in their workspace.
Establish levels of access. General users should not be granted access to the same areas that administrators and other higher-end IT personnel have. Stark recommends that these “super-users” use a separate rights account or role for network management.
Use firewalls and encryption. Firewalls prevent unauthorized access to begin with and are a basic requirement. Network encryption adds a second layer of protection to prevent the wrong parties from accessing sensitive data.
Use offsite backup systems. Catastrophic data losses occur when in-house equipment fails or is breached. Whether the backup is cloud-based and/or physically located offsite, data is better protected from many types of disasters as well as physical security breaches and damage.
Periodic auditing. Just because you have established data security measures, it doesn’t mean that you can now rest and let your guard down. You must carry out periodic risk assessments because ongoing changes and upgrades in software and hardware may change access capabilities. Stark recommends that you conduct audits at least once a year or whenever you make a major change to the network.
While the BYOD concept has saved costs and facilitated a mobile workforce, it has also created a whole new set of security issues that you must address. As your organization assesses risks and establishes a solid insurance program, consider taking steps to prevent catastrophic data losses through breaches that can occur easily without a BYOD policy.
The members of TechAssure Association assist companies with insurance and risk management solutions that are unique to the technology sector. For more information on cyberliability insurance and other services, please give us a call.