FROM CARELESS TO CAREFUL
ON the heels of the latest breaches against Facebook and Google that affected millions of users worldwide, global cybersecurity company Kaspersky Lab emphasizes the role of employees in keeping companies secure while enjoying the perks of the Bring-Your-Own-Device (BYOD) trend.
Siang Tiong Yeo, general manager at Kaspersky Lab Southeast Asia, said that while “people are truly the asset of a successful business...they are also its weakest link that could cripple a company especially when it comes to cybersecurity.”
“There are over 60 million Filipinos with a mobile device, and all of them are present online, primarily on Facebook. Without a doubt, the Philippines’ workforce is social and is always connected even at work. This opens more doors for cybercriminals to exploit, anytime,” Yeo said.
The Kaspersky manager said that securing the BYOD practice among employees is thus “more than necessary” as the financial impact of cyberattacks continues to be extremely costly.
Despite the dangers of BYOD, Kaspersky Lab’s research showed that employees are not equipped enough to guard their devices.
The study revealed 33 percent of businesses are concerned about the security repercussions of BYOD and 52 percent have confessed that their employees are their IT networks’ biggest weakness.
The top three cybersecurity fears of employers, according to the research, are linked to human error: 47 percent are afraid that their workers might share confidential corporate data on their mobile devices; 46 percent fear their company will be put at risk if employees lose their smartphones; and 44 percent are worried that their staff are using their IT resources inappropriately.
The study further revealed the consequences of irresponsible staff, which include leaked corporate data, loss of highly sensitive or confidential customer/employee information, and loss of payment information.
These implications can have financial consequences and can damage the reputation of the company.
But with devices being lost or stolen by and from anyone, anytime, anywhere, and with employees’ careless online habits, Kaspersky Lab suggests that companies adopt a visible and more centralized management of the corporate networks.
“A centralized management of corporate networks includes training the employees to become more aware of the risks present online and to know the possible consequences when they let their guards down. We highly suggest not to create stricter rules as such would only make your staff secretive — the more rules, the more violations,” Yeo said.
To start securing the corporate networks without ditching BYOD, Kaspersky Lab recommends the following:
—Don’t let the phishers inside. Phishing letters are the first attack vector for a long list of other online threats. Be wary of suspicious emails and links.
—Set up a guest network and keep it isolated from the internal one. Don’t allow non-employees to use the internal network.
—Take the “always guilty, always wrong” approach to the “visiting” devices. Admins should monitor the smartphones employees are using for work. They should also have a remote “kill switch” on such devices in case they are lost or stolen, or the owner is leaving the company.
—Passwords should be kept private and should only be accessible to their specific users. Use of a password manager is the best way to keep passwords; use of stickers on the wall is the worst.
—Restrict the use of social networks unless they are necessary over the course of work. Limit the use of file sharing services/clouds unless they are absolutely necessary. If there is something to lose, it is always better to be safe than sorry.