On the heels of the latest breaches against widely-used online platforms Facebook and Google that affected millions of users worldwide, Kaspersky Lab today puts the spotlight on the role of employees in keeping companies secured while enjoying the perks of the Bring-Your-Own-Device (BYOD) trend.
“Employees are the soldiers of the corporate world — both for the biggest conglomerates and the smallest stalls,” says Siang Tiong Yeo, General Manager at Kaspersky Lab Southeast Asia. “People are truly the asset of a successful business, but they have also proven to be the weakest link that could cripple a company especially when it comes to cybersecurity.”
“There are over 60 million Filipinos with a mobile device, and all of them are present online, primarily on Facebook. Without a doubt, the Philippine’s workforce is social and are always connected even at work. This opens more doors for cybercriminals to exploit, anytime. At this time where the financial impact of cyberattacks continues to be extremely costly, securing the BYOD practice among employees is more than necessary,” warns Yeo.
The Careless Workforce, The Worried Employers
Despite the dangers of BYOD, Kaspersky Lab’s research showed that employees are not equipped enough to guard their devices, and employers are aware of this situation.
The study revealed 33% of businesses globally are concerned about the security repercussions of BYOD and 52% have confessed that their employees are their IT networks’ biggest weakness.
In fact, the top three cybersecurity fears of employers are linked to human error:
- 47% are afraid that their workers might share confidential corporate data on their mobile devices
- 46% fear their company will be put at risk if employees lose their smartphones, and
- 44% are worried that their staff are using their IT resources inappropriately
Are these fears valid? The same Kaspersky Lab’s research revealed a resounding yes.
The findings showed that carelessness of employees is the second top reason behind a detrimental security breach, next to a malware attack. The survey also revealed 46% or almost half of the successful cyberattacks against businesses last year are partly influenced by or affected by human error.
The study further revealed the consequences of irresponsible staff which include leaked corporate data, loss of highly sensitive or confidential customer/employee information, and loss of payment information.
While these seem too harmless, these implications can have far-reaching consequences, not just monetarily but also in terms of the reputation of the company.
How to be Careful: Train the Employees
The BYOD trend runs with company’s trust — that their employees will act and use their freedom and their devices responsibly and protect the corporate data they are handling, vigilantly.
But with devices being lost or stolen by and from anyone, anytime, anywhere, and with employee’s careless online habits, Kaspersky Lab suggests that companies envision a visible and more centralized management of the corporate networks.
“A centralized management of corporate networks includes training the employees to become more aware of the risks present online and to know the possible consequences when they let their guards down. We highly suggest not to create stricter rules as such would only make your staff secretive — the more rules, the more violations,” adds Yeo.
BYOD: Basic Commandments
To start securing the corporate networks without ditching BYOD in the workplace, here are Kaspersky Lab’s basic recommendations:
- Don’t let the phishers inside. Phishing letters are the first attack vector for a long list of other online threats. Be wary of suspicious emails and links.
- Set up a guest network and keep it isolated from the internal one. Don’t allow non-employees use the internal network.
- Take the “always guilty, always wrong” approach to the “visiting” devices. Admins should monitor the smartphones employees are using for work. They should also have a remote “kill switch” on such devices in case they are lost or stolen, or the owner is leaving the company.
- Passwords should be kept privately and should only be accessible to their specific users. Use of a password manager is the best way in keeping passwords, use of stickers on the wall is the worst.
- Restrict the use of social networks, unless they are necessary over the course of work. Also, limit the use of file sharing services/clouds unless they are absolutely necessary. Perhaps this may look a bit over the top, but if there is something to lose, it is always better to be safe than sorry.