The Ponemon Institute [PDF] surveyed 703 IT security professionals, asking them what factors have increased their data breach risks. Here are the three biggest risks factors they found:
- Cloud security (73 percent).
- BYOD workplaces (68 percent).
- Employees working from home or remotely (63 percent).
The last few years have brought revolutionary new ways of managing IT (e.g., the cloud). The consensus among IT professionals? Productivity is increasing much faster than security.
IT departments are still figuring out how to secure employee devices, BYOD workplaces, and protected data when it can be accessed from multiple locations via the cloud. Let's look more closely at these three major risk factors.
3 Growing Risk Factors in Your Client's IT
Because data security changes from year to year, it's important to track what other IT security specialists believe to be the biggest risk factors each year. As an IT consultant, you're obligated to stay on top of data security trends. You can be sued if your IT fails to address your clients' biggest risks (to learn about covering your IT lawsuit risk, see Professional Liability Insurance).
Let's look at what other tech contractors are saying about the three biggest threats to their organization's data security and what you can do to minimize these risks.
- Cloud security. Depending on your view, the cloud is either a revolution in data security or a disaster waiting to happen. In reality, the same pitfalls that plague basic tools like email also threaten cloud security. Logins can be stolen by simple phishing attacks, exposing data on the cloud. Employees downloading work files on home computers can lead to data stored in non-secure locations. Train your clients in best practices for the cloud and require two-factor authentication to limit the damage of a compromised login.
- BYOD workplaces. The rise of the bring-your-own-device workplace has introduced new challenges for IT staff. With so many mobile devices and laptops operating on different networks, companies are exposed to an increased risk of data breach. Evidence shows that cyber criminals have responded to the increasingly mobile workforce: 75 percent of IT security professionals now believe that their mobile devices have been targeted by malware (an increase of 7 percent since last year).
- Employees working remotely. Remote employees introduce a wide range of risks, including open Wi-Fi vulnerabilities and exposure to a wide array of malware across non-secure networks. In addition, the remote access apps that your employees may use to access their work network from home can pose a serious risk for their organization (see "Trouble Apps for Security: Help Clients Manage Risk" for more on common apps that can pose a security risk). Depending on the scale of your client's operation, setting up a private cloud or secure VPN to help remote employees work securely may be an option.
Security Is Changing and So Are Your Professional Liabilities
Data security is a divisive subject among IT consultants, and yet, the majority of IT professionals agree that…
- "Shadow IT" increases when employees work from home.
- More mobile devices mean more risk, including an increase in malware attacks.
- Old prevention strategies like firewalls and antivirus software are less effective than they once were.
There's a growing gap between what employees think is secure and what their IT department can secure. The threats have evolved, the risks have changed, and IT consultants need to offer data security solutions and customer education that addresses these new risks.
TechInsurance compiled some of the industry's best practice recommendations in our Customer Education Packet. You can distribute this free resource to clients to show them how to be security-minded users.