Could your staff unwittingly be a security risk to your organisation? Do you use your phone to check work emails in the evening? Access a work spreadsheet on your tablet from the comfort of your sofa? If the answer is yes, you could be putting your business security at risk.
A recent article by Infosecurity Magazine highlights the risk employees are exposing their business to through the use of personal devices. Sharing the findings of a survey undertaken by Symantec, it highlights that 72% of British workers use their own phones, laptops, PCs or tablets for work and only 54% could confirm that the security on that device was up to date. Additionally, the survey found that just over half the employees were using their personal devices outside their place of work. So your organisation may have a security policy, but is it doing enough to protect your business from the use of personal devices and work conducted outside the workplace?
So why should businesses be worried?
If staff are using their own devices to access business networks, the risk of a virus or malware entering the workplace network is increased. If that member of staff is using a tablet, for example, without robust, up-to-date security, your business data and security are at risk.
How can you reduce the risk to your business?
Inform your workforce
- provide clear guidance on remote working. Be clear on the rules for using personally owned devices for business activities.
- ensure your employees are aware of the impact a virus or malware attack could have on your business.
- explain the importance of security settings on personal devices, if they are to be used, and keeping them up to date.
- educate staff about whaling and phishing emails and how to identify them.
- ensure they aren’t using personal email accounts on business PCs and laptops or visiting insecure websites.
- enforce good password security, ensuring old passwords are not reused. Consider using a password manager such as LastPass.
Ensure you have a relevant and up-to-date security policy
- consider including guidelines on using business owned hardware outside the workplace
- your policy should cover the use of personal devices for work purposes.
- you may want to prevent the use of personal email accounts (including Yahoo, Gmail, Outlook etc.) on a business PC or laptop.
- include guidance to ensure personal laptops are not used in the workplace, unless covered by a business Office 365 licence.
Incident Management Plan
- make sure you have a robust plan in place should your business come under attack from a virus or malware. Share the plan with all staff. Incident planning will help to minimise the damage and cost which can result from an attack. Your IT support provider can help you put a plan in place and also offer guidance on a security policy.
If your business is in need of security advice or help reducing the risks of a cyber attack, contact us for a free consultation.