Building security and privacy protection into a BYOD environment
Mon 13 Nov 2017 | Daniele Màtyàs Tieghi
Daniele Màtyàs Tieghi, CTO and product manager at Mon-K Data Protection, discusses why businesses would be advised to reassess their data protection investments
Over the last five years, companies have had to face increasing costs of cyberattacks and data breaches. In 2015, the cost of cyber attacks globally was $480 million (approx. £361 million). In 2016, this figure rose to $3.1 billion and the dramatic trend is far from slowing – some forecasts even citing $2.1 trillion by 2019.
In response, companies are beginning to worry and governments are starting to focus on data protection and cybersecurity in new legislation.
Since 2015, there has been an exponential growth in cyberattacks. As seen with the phenomenon of ransomware, threats which were previously unheard of are now overwhelming enterprise organizations, as evidenced by the WannaCry attack this May which brought critical infrastructure around Europe to its knees.
The most common pitfall in data protection is inherent to human nature – we do not think about a problem until it happens
The major causes of this increased cyber attack activity can be attributed to the growing ease with which malicious bodies can access information, hacking tools and methods. The attack surface is also continuously expanding as we adopt increasingly more complex and heterogeneous systems and environments.
For most businesses, the most common pitfall in data protection is inherent to human nature – we do not think about a problem until it happens to us. This is frequently evident when looking at backups. Today almost everybody has a backup of their most important data, if not of the whole system. However, previously backup was not such a common practice: so many companies had to learn the hard way about the importance of backup.
Another misconception is thinking that if antivirus is installed on every computer, the company is secure. However, this is not even remotely enough protection. Yes, malware, including viruses, spyware and ransomware, is one of the most common threats, but, depending on the value and sensitivity of the data and systems, there are so many more threats to prepare for.
Data protection in the age of BYOD
Just think about Bring Your Own Device (BYOD) or trends in remote working. These are understandably attractive to companies and users, but the advantages in mobility and cost-savings are counter-balanced by a significant fragmentation of systems, which become incredibly hard to control.
Companies today need to evolve their business models in order to remain competitive and ready to meet market demands. Employees are constantly demanding mobility and remote working, as well as high levels of security and privacy. Companies that are able to effectively and safely embrace these trends can reap huge benefits, both in terms of productivity and cost-savings.
Enforcing security policies is a critical step in the prevention of data leaks
These organizations must adopt innovative approaches and tools to ensure cybersecurity and privacy, manage threats and achieve competitive advantage.
Data encryption, in all its forms, including encryption of the hard drive, emails and communications is a starting point. So too is the ability to connect through a VPN to the corporate network, allowing users to browse the web anonymously.
Furthermore, the adoption of open source software can give businesses the opportunity to check any single line of the source code against infiltrations typical of particular organizations or fraudulent developers.
Enforcing security policies is a critical step in the prevention of data leaks through unauthorized copies of sensitive information being released on external drives or personal devices. This type of incident happens all too frequently – take for example the memory stick containing sensitive Heathrow security data on the Queen’s itinerary which was found on the street in North London this October.
Separated environments is also an important practice for businesses looking to keep sensitive corporate data and applications completely isolated from the average user.
Finally, effective backup and recovery software should be in place to backup and encrypt the most sensitive and confidential information on regular basis.
Unfortunately, the adoption of these techniques is slow and costly.
To encourage a focus on data protection in their BYOD environment, businesses are now looking for innovative solutions that enable them to achieve results easily and in a short timeframe, both in terms of increased security and privacy protection, as well as regulatory compliance.
Secure-K Enterprise is our idea of a super portable personal workspace. It’s a full operating system assembled by our engineers to meet the highest security and compliance rules of the big enterprises. It’s fitted with a military grade USB body with two levels of encryption (HW and SW, AES 256 and AES 512), zero footprint and total isolation from the host computer where it boots. It has strong (but customizable) security policies and it’s equipped with an encrypted real-time backup of the data and the operating system settings. It comes with a set of encrypted communication tools such as encrypted emails and encrypted chat, with also audio, video and file exchange capabilities.
Among the features, there is also a backend server that integrates Secure-K transparently into pre-existing complex enterprise environments. Join with an Active Directory Domain; asset inventory; remote management; centralized updates and deployment, and much more.