Users Are Still the Weakest Link
You can implement rock-solid network security; enforce strong, complex passwords; and install the best anti-malware tools available. Most security experts agree, however, that there is no security in the world that can guard against human error.
Consider your house: you can have a solid steel door, an industrial-strength deadbolt, and an alarm system straight out of a Mission Impossible movie. But if you forget to lock the door or engage the alarm system, it won’t do any good.
The same logic applies when it comes to computer and network security, and it’s exacerbated by the growing BYOD (Bring Your Own Device) trend.
BYOD comes with a variety of pros and cons. One of the benefits frequently cited for companies that embrace BYOD is cost savings. If the users are buying their own gadgets, and they’re responsible for maintenance and upkeep, it removes that burden from the organization.
A recent survey by Lieberman Software found that many IT professionals don’t agree. An overwhelming 67 percent believe that allowing employees to connect their own USB thumb drives, smartphones, tablets, laptops, and other gadgets to the corporate network actually increases costs overall.
The survey respondents consider BYOD to be a significant risk. Nearly half (43 percent) claim that users introducing malware to the company network is a serious IT headache. About a quarter of those surveyed are also concerned about users losing a BYOD device, and a quarter are worried about protecting company data on a user’s personal device.
If users are the weakest link when using company-issued PCs managed by IT, imagine how difficult it is to protect devices and secure data when the users are wholly responsible. IT professionals need a way to enforce policies and protect data on devices that don’t belong to the company. It’s tricky.
Smishing and phishing attacks are a serious threat. Whether through SMS text messages or email, these attacks trick users into clicking on links to malicious websites, or surrendering sensitive information such as usernames and passwords. Users who fall for smishing or phishing attacks put company data and network resources at risk.
If a user loses his or her smartphone, it may be a personal tragedy. If a user loses his or her smartphone that is used for work as part of a BYOD program, it could put gigabytes of sensitive company information at risk.
Companies that embrace BYOD programs should have policies in place that govern how personal devices are used, and what data can be stored on them. IT admins should have tools that enable them to monitor and manage BYOD devices, and protect data remotely—even on BYOD gadgets that have been lost or stolen.
Even with those things in place, though, the users will still be the weak link in the security chain. It’s trite, but the best solution is education and user awareness. Users need to be informed of company policies, aware of the potential risks, and educated about common sense techniques to recognize and avoid threats, and protect data.