When it comes to balancing productivity and data security, business owners are dealing with a dilemma. Do you improve access or do you protect your corporate assets?
This issue is a reflection of our world today. Should we open our borders or should we put up a wall? Should we negotiate with Cuba or should we keep up the embargo?
In reality, the answer for politicians and upper management like yourself lies somewhere in between.
Employees: Your worst IT risk?
Getting down to business, the nightmare for management typically sits behind your desks. These rogue users include everyone from that new marketing hotshot you hired to your co-founder who you’ve stuck with through thick and thin.
The bottom line is that more than 63 per cent of business threats come from inside your organisation. This could be due to laziness, non-secure procedures, or even foolishness.
On one hand, you have Shadow IT risks, where over 15 per cent of files in the cloud contain sensitive data and 92 per cent of companies have cloud credentials for sale on the dark web. On the other hand, social engineering attacks leave your data and financial resources at risk. In fact, the average cost of a data breach was $3.8m (£2.6m) in 2015. Astonishing. What’s the genesis of these threats? The people lurking within your office.
But is it fair to call your closest confidants the threat? These are the people who drive productivity. These are the individuals who impact the bottom line. Whether marketing, accounting or sales, these are the folks who are approaching problems creatively and driving the business. Why should you slow them down?
Maybe the real problem stems from the gatekeepers, specifically your data nerds and technologists. From the help desk to the CIO, they could be letting you down. Why aren’t they implementing the hybrid technologies that give your team the tools they need to send sensitive files to folks inside and outside your company?
Technologies like hybrid cloud storage help because they take your storage and add compliance features and accessibility enhancements, like versioning. That means if your new marketer accidentally downloads the cryptovirus, you can roll back your data. That means IT can see where their files are and what activity surrounds them. For example, if your CFO sends a spreadsheet with payment data across the globe, you can delete that shared link and look at audit data around the files to look for a 'security incident'.
But instead of an easy tool like the hybrid cloud, your employees use their personal email or cloud storage account because 'it’s just easier' and it has bigger attachment size limits. IT hasn’t delivered suitable technology that balances security and access for the employee. If the employee is the problem solver, then IT must be the main obstacle! Well, that’s debatable...
Think about it, did you tell these employees they couldn’t use their cloud storage account or personal email? Did you educate them on phishing tactics during a lunch-and-learn? Is all this in an employee-signed policy somewhere? Did you tell IT to go with a less user-friendly solution because it saved the bottom line?
Setting the tone
Your nightmare doesn’t start with someone sitting in a cubicle, it starts with you. They’ve just followed your direction. Look in the mirror, you’re the leading rogue user that could bring your company to a crumbling digital heap.
Ultimately, rogue users originate from a cultural issue, which begins with management and culture. Employees are trying to get around obstacles and collaborate with people inside and outside the organisation. IT is trying to keep everyone happy, the company safe, end-users satisfied, and the budget in the black.
As upper management, you set the cultural tone. You need to tell IT to find the right secure file management technologies to revolutionise the way your employees work in a positive manner. It’s time to take the next steps to improve the culture surrounding rogue users in your workplace:
- Increase communication to improve cross-department trust
- Implement security training so people understand the tools and obstacles
- Centralise authority and assign responsibility so people know what to do and who is accountable
- Conduct regular audits to understand upcoming threats and current business trends
- Adopt balanced technologies that let people work efficiently and give IT enhanced visibility and security for better compliance
John Hurley, president and co-founder of SmartFile