With employees increasingly using non-corporate devices to undertake company business over untrusted networks, organisations face a significant security challenge: these unmanaged devices provide little or no visibility of usage.
Worse still, the use of shadow IT presents a severe security threat, and it can be difficult or even impossible to know whether unauthorised IT is being used or what it is being used for. Without understanding what data is being stored or shared by users and where, there is no way to understand the associated risks or to ensure that the data is appropriately protected.
The only practical way to tackle this situation is to proactively engage with the user community, understanding their needs and frustrations, to work together to find secure solutions that are easy to use. With security as an enabler providing the solutions they need, users are less likely to seek unauthorised alternatives.
But that’s only part of the solution. It is essential that users understand the security risks associated with today’s ways of working, and the part they play in keeping information secure. For some organisations this can be a significant cultural challenge, but educating users about security risks, including risks that affect their personal devices and personal information, is essential and ultimately keeps them in a job.
Importantly, both the dialogue around solutions and the awareness training need to be ongoing. Listening and responding to the needs and concerns of users and managers ensures that solutions that let them get their job done effectively and securely can be delivered in a timely manner.
This may be a new way of working for some IT and security professionals who have previously delivered only one-way communications to business users regarding enterprise solutions, company policies and security threats. This change in mindset is, however, essential in establishing an effective and successful security strategy and a positive change in cultural behaviour.
AgilityIS can help you adapt to the realities of the modern mobile world, building trust with the business and users, and providing awareness training around security and social engineering threats.