Relaxed computer and internet usage policies might make employees happy, but can in many ways put company data in jeopardy.
IT professionals have a lot of security threats to deal with these days. Bring-your-own-device (BYON) and even bring-your-own-network (BYON) practices are growing steadily and various internet and device related conveniences and services are growing faster than IT professionals can keep up; often causing them to struggle with the security risks.
According to an Infoworld article, the latest security threats for IT admins are third-party cloud computing services. Employees are unknowingly (or knowingly in some cases) exposing company information to security risks by using services like Dropbox and Google Drive.
Employees like to be able to easily access documents they need whether they’re at work or not. Having remote access to company documents that were previously only accessible on the company server allows employees to do more work at home and ensures that work can happen from anywhere. These benefits aside, the more hands company information is placed in, the more likely it is that some mischievous hacker will be able to nab it.
Companies like IBM have developed cloud policies in which they block internal access to services like Dropbox, iCloud, and even Apple’s digital assistant Siri, while other companies like VMware and RightScale are adding features to their products that allow better cloud management and can lock down cloud access.
End users often don’t know the risks they are taking when they use the cloud and some simply ignore policies their company already has in place. Some users have awful passwords or fall for phishing scams which can result in the theft of company data. If a cyber-criminal can trick an employee into giving up his Dropbox password, then any important or sensitive company information stored there is exposed and accessible.
The article suggests that although some end-users are to blame, some simply don’t know the risks they’re putting the company in; many lack the training or knowledge required, and some companies simply don’t communicate their policies on these types of services. IT admins can make their jobs easier by not only securing access to third-party cloud services but also ensuring that employees attempting to gain access understand policies and strictly adhere to them so that data stays safely within company controlled systems.