Data security is very much the province of your IT people who will endeavour to ensure your systems are secure. But the biggest risk comes from your own employees.
Largely this is because increasingly employees are bringing their own devices (BYOD) to work for purposes of work. Many employees access their work e-mails on smartphones or even the company server via a phone or laptop. More than 3 million people had their Smartphones stolen last year, many of which did not even have a simple passcode to protect data.
So along with the phone could go your company’s customer list, confidential personal information or even access to company accounts.
Armed with the access such a theft could provide, a thief may be only one or two steps away from administration rights on your company server. Fantasy? Not at all. We have been shown by security experts how relatively easy it is.
If you allow employees to “BYOD” to work then a starting point is to have a policy so that employees know and understand the need for care. Phones need to be secured with more than a simple password and old phones may simply not be secure enough. You may want to consider encryption.
Also employees need to be aware of “social engineering”! Using information that may be gleaned from your website to gather more, phishers can phone an employee and appear plausible. The conversation might go along the lines of “Hi this is Jon from IT. There have been some problems with email this morning – are you aware of any?”; “Yes” (because a barrage of emails was sent by the phisher earlier); “OK, I just need to verify the settings on your phone, could you go to ‘Settings’ on your home screen, please?”; etc., etc.
Employer Solutions provides a bespoke BYOD policy to existing handbook clients on request. A basic policy is available for £50 or there are free policies that can be found on the internet. We can also provide bespoke policies for non-clients where the fee is determined by the work involved.