Maintaining business IT security: Passwords, BYOD and the cloud

The large number of high-profile hacking incidents that have happened over the last couple of years suggests that security breaches are simply part of doing business in the modern day.

While short-term implications such as data loss can vary from case to case, in the long-term hacking incidents nearly always result in significant reputational damage.

Aside from the obvious financial and time costs associated with a security breach, the threat to an organisation’s credibility is particularly severe. And given the volume of customer data that many companies now hold, if a company gets a reputation for being unable to properly protect this information, it makes winning back a customer’s trust extremely difficult.

To build up their defences and protect themselves, businesses need to have a clear, well-defined IT security policy which takes into account trends such as “bring your own device” (BYOD) and cloud computing, as well conventional factors such as passwords and employee training. If this policy is adequately formulated and implemented, businesses have a much higher chance of achieving enduring IT security success.

The importance of passwords

There have undoubtedly been many advances in computing security over the last few years, but the password is still the first line of defence against cyber-attack. However, research recently conducted by Siber Systems found that poor password practices employed by staff are leaving businesses vulnerable to attack.

The research showed that almost half (42 per cent) of respondents write their passwords down to keep track of them, and almost three quarters (73 per cent) allow their browser to remember their passwords for them at least some of the time.

To better prevent outsiders from undermining an organisation’s IT security standards, employers should require employees to use a unique password for each respective application or website, as well as change those passwords frequently. Weak passwords, such as those containing dictionary words and all lowercase letters, can be breached in a matter of minutes. The most effective way for businesses to address password security is to train their employees to create strong passwords, and encourage them to change them regularly.

To help employees keep track of many different passwords, employers can provide them with a password management solution. This way, staff are able to automatically create and change secure passwords with just one master password to remember.

Accounting for BYOD

The BYOD trend is one that appears to grow by the day, particularly in small and medium sized businesses, where the flexibility it offers can be particularly beneficial. Many organisations are keen to make use of the potential gains in productivity that it promises, but should also be aware of its vulnerabilities.

Since it is the responsibility of employees to keep software up-to-date on their personal devices, as well as putting in place their own security practices, it is near impossible for organisations to maintain any meaningful oversight. If staff do make use of their own phones and tablets for work, businesses need to make sure that they are accessing company IT systems in a safe and secure manner.

Protecting the cloud

The advent of cloud computing is another consideration for businesses aiming for high levels of cyber security. The cloud brings with it enormous potential benefits, such as the ability to scale up quickly without the need to invest heavily in infrastructure, but there are also security factors to think about.

While the cloud itself isn’t inherently dangerous, the shift to the cloud can expose an organisation to risk. Added to this, as cloud services continue to become more and more popular, they are increasingly a target for hackers.

Businesses should make sure that their cloud provider is both secure and reliable, as well as ensuring that any applications are as protected as possible.

Getting employee buy-in

While the individual elements of workplace IT security guidelines are important, a cyber-security policy is, in reality, only as good as the number of employees who truly buy into the idea.

By giving staff proper cyber-security training and education in the workplace, and holding them accountable for their actions, businesses can help to make sure that their employees take security seriously on both their home and work devices. By putting the right amount of time into this endeavour, organisations can know with greater certainty that they are doing all they can to protect their company’s data, its devices, and its reputation.

Bottom line on cyber-security

Organisations looking for ways to achieve high levels of business IT security in a time of technological flux must keep ahead of the trends. The cyber security landscape is constantly changing and companies must be vigilant to ensure they are adequately protected against the latest threats.

By developing a clear and concise cyber security policy and getting employee buy-in, businesses can be more confident about their operational and financial stability in the short-term, and a good reputation in the long-term.

Bill Carey is Vice President of Marketing & Business Development at Siber Systems Inc., which offers the RoboForm Password Manager solution.

Image credit: Shutterstock/wavebreakmedia