For a CISO contemplating the threat landscape, the dangers lurking within the castle can feel far greater than those trying to scale the walls. Of all the threats building around your enterprise, your employees will always have the best vantage point and the quickest access to company information. They are just as responsible for enterprise security as its security infrastructure, if not more so. Unfortunately, even the slightest negligence can compromise the biggest castle.
The remedy for the threat residing behind your own walls is a transparent IT department that embraces the role employees play in safeguarding the enterprise. As more employees demand a mobile workplace, the endpoints are growing exponentially. You can’t manage them all, so help your endpoints manage themselves. Security professionals have the opportunity to empower the business by educating employees, but this is an information exchange, not a lecture. Equip them with practical guidelines for daily procedures and listen to their pain points, making it a cyclical, reciprocal experience.
In a recent reading of 10 standards for employee safety, three in particular stood out to us as being priorities for the mobile workforce:
Talk About Social Media
As one of the most significant enterprise disruptors, social media epitomizes tremendous vulnerabilities for the enterprise. It is now the most common online activity worldwide and that’s not going to change anytime soon. Yet there are still the 25% of people who don’t cater their privacy settings on Facebook. Employees must be taught how to post online in a way that doesn’t compromise any proprietary information to the public or competing businesses. Educate them on what can be said on a public-facing level, and walk them through privacy settings to build awareness. Honesty is the goal — once we accept that social media is as much a part of our professional life as it is personal, we can isolate legitimate solutions.
Install That Update
Most vendors will regularly update or patch software to ensure the most up-to-date security and user experience. All software should be configured to install updates automatically; if you can remove it from employee control, do so. If not, demonstrate the value of updates to your employees. Put it in layman’s terms: You wouldn’t install a decade-old alarm system on your house because you know technology has advanced and new systems will protect you better. The same applies to patches. Restarting your computer is a minor inconvenience in comparison to the viruses that could take hold of outdated software.
Secure Wi-Fi Networks
Encourage mindfulness of what networks employees are connecting to — a greater mobile workforce means more employees considering connection to public networks. Teach best practices on securing Wi-Fi at work, on the go, and at home. Encourage users to turn off Wi-Fi whenever not in use, as well as disable apps that draw from location services. Most importantly, emphasize that these seemingly small habits equate to huge savings for your enterprise.
Good employee security practices should demonstrate a user-centered IT department, one that acknowledges the importance of communicating with users. There will always be heightened risk when it comes to employee security practices, the trick is learning how to listen and act accordingly.
For more information on keeping your mobile employees safe and secure, please see, “10 Quick Tips to Mobile Security: Guide.” We also have more resources on enterprise mobility here. To continue the conversation on Twitter, follow us at @IntelITCenter or use #ITCenter.