Bringing new technologies and devices aboard is non-negotiable for businesses these days. Whether it’s cloud computing for data access or a new productivity app that keeps every member of a team safe, technology is helping us do more with less — and remain profitable as competition heats up.
But the data powering today’s business technology introduces potential risk too. Here’s a look at how to remain security-minded as you figure out how to make your business data more mobile and accessible.
Secure Data Access for Remote Teams and More
There are two kinds of data, essentially, that you need to work hard to secure: data at rest and data in transit. Because of how common cloud-based business tools have become, the security of our data in transit is an especially important point to consider.
Think about how much less likely it is today for vital company data to remain onsite on your servers. That data isn’t stationary — it’s likely being retrieved at company workstations, modified, returned to a central location, then retrieved again by agents in the field, satellite business locations or teams and contractors working remotely.
The cloud means that data stands a good chance of being up-to-date at each of these “touchpoints” when you need it to be. But that also means you need a comprehensive plan for keeping it safe while it’s in transit. You may need to:
- Invest in a virtual private network (VPN) solution: This solution will likely be required for any employee or team that may have to retrieve or submit company documents or data over unsecured public networks.
- Lose third-party cloud providers: Depending on your future business plans, you might find that there are times when it’s cost-effective — and potentially more secure — to ditch third-party cloud providers and build your own physical data infrastructure. For example, when Dropbox ditched AWS, they enjoyed the additional control and peace of mind that in-house data systems provided. This is just one example, but you may find others where spending more initially versus taking on another recurring expense delivers positive results.
Bring Your Own Device, Safely
One of the biggest advantages of modern technology today is the luxury of performing an ever-larger number of personal and business-related tasks on our everyday devices. In the modern workplace, encouraging employees to use technology the way they want to could help them perform their work more efficiently — and maintain better morale while they do.
This “BYOD” culture introduces plenty of security concerns, however, and you’ll need a comprehensive plan to address them. The plan should include:
- New hire training (and periodic training updates) on good password hygiene for cloud apps and device lock screens
- Reminders about email practices, such as never clicking suspicious links and instructions for writing inbox filtering rules
- A "blacklist" of apps, or app types, that employees are not permitted to install on devices that also contain company data
- Instructions for each hardware platform on enabling disk encryption and remote wipe features for lost or stolen devices
If any of this advice sounds like Greek to you, it’s probably time for some professional IT help. As for the more cultural elements, enshrining these rules in “stone” is a big step your company can take toward ensuring that its intellectual property isn’t exposed to unnecessary risk.
Get Smarter About Account-Based Security for Web Properties
There are probably several accounts that decision-makers and employees at your company rely on daily or near-daily to get their work done. Consider some of the research done in clinical and healthcare settings. One study discovered that over the course of a single week, 2,256 users from six hospitals logged a total of 65,202 separate (legitimate) logins at facility workstations. The number of services and web properties that nurses and other practitioners use daily — for administering care as well as facilitating billing — means lots of opportunities for credentials to be misplaced, forgotten or compromised.
These days, there are lots of additional features you can use to supplement the security of your account-based services and web properties. Here are a few of them:
- If your services offer two-factor authentication (2FA), turn it on. Doing so ensures that even stolen credentials require a secondary account or device to be useful to data thieves.
- When it’s available, password-based security is best accompanied by something physical. Single sign-on solutions, including badge swipe terminals on workstations, can help with the multiple-logins-daily problem above. It also means thieves will require a login, a password and a physical security device (card key, fob, etc.) to enter your system.
- Mobile devices and workstations increasingly make use of biometric security, including iris scanners, fingerprint scanners and more.
To put things into perspective, most agencies at the federal level in the U.S. do not use strictly account-and-password-based credentials. Instead, levels of user access are defined by other criteria, including physical assets. One such asset is known as the “derived credential.” Derived credentials pair a physical card key with a user-known PIN.
Employing this method, and others like it, requires buy-in of the literal and figurative kind. Deploying card key readers at each access terminal, and for each mobile device, is a costly endeavor. Nevertheless, it probably points the way forward, as derived credentials satisfy 2FA requirements as well as the “something you know, something you have” security axiom.
What Does the Future of Digital Security Look Like?
This type of security workflow — combining a PIN or password with something you carry on your person — isn’t new. It is, however, being popularized at the consumer level by Google and others. Google is marketing a new physical security key with confidence enough to signify that it’s betting big on this being the future of personal, business and institutional security.
Remember that you have plenty of security options at your disposal today. Sometimes it means educating yourself on the settings your digital services and tools already offer. In other cases, it might mean changing providers or trying out new technology until you find a security solution that suits the work you do.
