Security is a top-of-mind issue for every business. I can’t remember the last time I had a meaningful discussion with an IT professional or business owner who didn’t raise some question concerning it.
Security and productivity are two forces in a continual tug of war. Pull too hard in the direction of security and worker productivity is likely to suffer; pull too hard in the direction of productivity and security is likely to lessen. It is the balance between the two that business leaders and IT personnel strive to achieve, and it’s not an easy feat.
Security is a game of outsmarting potential bad actors, both from the outside and, more commonly, unwittingly from within. In fact, a Balabit survey showed that 70 percent of business respondents think that employees are the biggest risk to the business, due to lack of education and overall carelessness.
For inside security measures, it is not only a matter of analyzing threats posed by malicious employees; it’s also analyzing the potential risks posed by employees who unknowingly may expose the organization. And since the security of networks and information is only as good as its weakest link, IT professionals and business leaders need to consider everything from the network to servers, routers, devices, wireless connections, VPNs, file shares, cloud systems and email policies.
Both today and looking ahead, the biggest security risk that most companies face is related to their data and information. While there are certainly miscreants out there who will take down a network or try to attack a server or network endpoint, the risk of data/information loss is what keeps most business leaders up at night. These are the breaches that you hear about in the news and the breaches that cause the most financial and reputational risk for any business.
Because these types of breaches can be so disruptive to businesses and their customers, we are beginning to see new, extensive legislation dealing with such breaches. The European Union’s GDPR privacy directive, placed into effect in May, is one of a number of examples that we can point to in which legislators are taking a tougher stand on breaches involving personally identifiable information. With penalties up to 4 percent of a company’s sales, the financial impact can be steep for organizations that run into challenges.
While most organizations have strong security and controls in place for networks, they cannot always effectively control content created by individual workers via core desktop software and email. In addition, how can companies ensure that this content is capable of being managed and secured, especially when shared outside of the organization?
Email is a whole other category when it comes to content security and risk mitigation. Because email is the most mission-critical application in businesses today, the potential for security disasters is quite high. Despite this, however, email security (other than virus/malware protection and spam filters) is relatively lacking. For example, according to a recent article in GDPR:Report, citing research by data security company Clearswift, nearly half (45 percent) of employees have accidentally included banking information in email sent to an unintended recipient outside the organization.
Security and privacy will continue to be challenging issues for business and government alike. The introduction of new security technology will continue to be followed by attempts to “crack the code” and capture data and information deemed critical. In fact, businesses are paying attention given that advanced malware protection and prevention is the No. 1 budget priority for businesses’ IT departments. Whether to foil those with malicious or unknowing intent, IT and business leaders will need to remain vigilant to provide the right balance between security and worker productivity.