Every business needs to consider changes within its organization to institutionalize its emphasis on data security. As a result of this reality: cybercrime isn’t going anywhere soon. But, unfortunately, this is not a problem you can handle within a few particular operational or administrative silos.
Here are just a few things to consider:
BYOD Policies: A Bring-Your-Own-Device Policy
This allows employees to use their laptops, tablets, and other mobile devices instead of company-issued ones. BYOD has become common practice in many organizations. However, permitting BYOD opens up new security issues because your IT department has potentially less control over how company data is accessed. BYOD uses many other doors to access corporate databases, etc., so it can be harder to keep your information secure. Because of the ubiquity of cybercrime, IT departments need to approach BYOD with a heightened awareness of new security vulnerabilities.
Employee Training
Generally a topic for Human Resources, IT needs to design ongoing employee training to teach employees how to be vigilant about data security, password hygiene, and similar issues. Employee errors, such as opening phishing emails, are among the largest causes of data breach events in the business world.
Operations and IoT Technology
The Internet of Things (IoT) is another area where attention should be re-focusing. With Line of Business managers (LOB) discovering new specific applications for operational IoT devices. They adopt them and then become responsible for their maintenance and security, introducing such devices to address discrete needs throughout the organization. As a result, IoT devices have tended to function in operational silos. The unintended consequence is that the IT department, traditionally responsible for security issues, is left out of the loop. This means that data security is un-coordinated across all of the IT facets of the organization, and people are overlooking security vulnerabilities. C-level tech leaders need to recognize this and adapt accordingly.
The Corporate Mission
To recognize the threat that cybercrime represents to the health of a business, companies should consider including security as a core part of their mission. Both B2B and B2C customers take security very seriously, so companies should realize their task is not to “provide X product or service,” but “securely provide X product or service.” To paraphrase a car maker’s phrase from many years ago: “Security is Job One.”