The increasing use of Bring Your Own Device (BYOD) practices, where employees can bring their own laptops, tablets and smartphones to work has presented additional internal cyber-security risk of data theft to Australian workplaces.
According to a recently published report, Cyber-security – Defending your future, commissioned by specialist recruiter Robert Half, over one in three (34%) Australian Chief Information Officers (CIOs) say lack of employee knowledge and skills around data security is the most significant security risk their organisation will face in the next five years.
The risks associated with the use of personal devices and unregulated apps was made clear after it was revealed that Prime Minister Malcom Turnbull frequently uses WhatsApp to communicate with his staff, raising concerns about the transmission of classified government messages.
While traditionally, the response to IT security has been to find the optimum way to protect a business’ assets from external security attacks, a growing risk now faces organisations in the form of potential internal security threats.
According to risk and business consulting firm Protiviti, in its Strategic Bring Your Own Device report, the risk of data loss is significantly increased with BYOD because basic security controls may no longer be effective on mobile devices, or consistently implemented across the wide range of device types used by employees.
Despite the fact that over three in four (77%) CIOs allow their employees to access corporate data on their personal devices, one in four (25%) think their non-IT senior management does not possess enough understanding about information security exposures, indicating a lack of awareness across the business about IT security risks.
David Jones, Senior Managing Director, Robert Half Asia Pacific said: “Whilst BYOD can bring significant advantages for any organisation, such as higher levels of employee satisfaction, increased productivity, and cost savings, the use of BYOD also poses some serious cyber-security challenges in terms of securing corporate networks and data, mobile device management, and developing security policies.”
“Although it may not be intentional, simple human error can expose companies to increased cyber-attacks and situations where sensitive company data can be compromised. In light of this, more companies are taking steps to balance both their employees’ needs and their security concerns.”
Australian CIOs are implementing security measures to protect company data on their employees’ personal devices. More than half (56 percent) of CIOs are providing training for all personnel on cyber-security policies and corporate practices when using their personal devices. Signing an acceptable use policy also seems to be a standard practice for more than half, 55 percent of the Australian companies.
See: Demand for Knowledge Workers and Highly-Skilled Professionals Increase in Australia
In addition, technical applications are being implemented as 49 percent say they are deploying mobile device management technology and 48 percent are using authentication software. Merely 3 percent say they have not taken any actions to protect corporate data on employees’ personal devices.
With 34 percent of CIOs saying the lack of employee knowledge around data security is one of the most significant security risks, CIOs think their organisation will face in the next five years, it is not entirely surprising that almost one in four (23 percent) do not allow their employees to access corporate data on their private devices.
Because more companies are investing in various platforms and tools designed to protect IT systems and networks, there’s an increased demand for IT security specialists with the niche skills needed to help companies protect themselves against key data security risks, including risks related to BYOD.
This increased demand may prove to be challenging, as 91 percent of Australian CIOs say it is difficult to source skilled technology professionals, with almost one in four (23 percent) finding professionals skilled in mobile security, the most challenging.
“Cyber-security is a crucial issue for any organisation today, and as such they need to implement security standards for employees using BYOD. The solution demands a resilient IT security strategy that goes beyond assessing a business’s IT infrastructure and having the necessary IT security skills. Proactively treating IT security as a continuous enterprise-wide process while making all staff aware of the risks associated with email, social media and confidential information are also essential if companies want to protect their company data,” David Jones concludes.
Also read: Skilled Migrants in Australia are Less Satisfied with their Jobs in Comparison to the Natives
Image credit: huffingtonpost.com