It has become common practice for people to chase the latest technology trends. As tech becomes part of our everyday life, the lifecycle of our devices becomes smaller and smaller.
This is posing a huge issue to the sprawl of data.
About the author
Rick Vanover is a Senior Director of Product Strategy at Veeam.
With the lifecycle of tech shortening, many are abandoning old devices at second-hand stores and selling them to new owners without thinking about the data and personal information that is left on them.
The unforeseen jump to working from home in 2020 for large swathes of the population meant many organizations became virtual entities. Their operations and output became cloud-dependent, and huge volumes of company data – accessible across a range of employee devices – were transferred online.
IT management teams face a serious ongoing challenge of controlling and managing their organization’s data online, which in many cases is near impossible. With data sprawling across company and personal devices, there is almost no control over it, especially in instances where staff sell their personal devices on to their next home, or throw them away.
To add to this, wider workplace trends like BYOD (Bring Your Own Device) continue to gain popularity and make it harder for organizations to keep track of sensitive data. IT teams have less control over employees’ personal devices as it is, and so protecting the data on them becomes a real difficulty. Issues such as lack of encryption or outdated operating systems can lead to potential hacks and data loss as well.
This is something businesses need to consider when implementing a cyber security strategy in 2021 and beyond. This means educating staff in understanding the risks involved with discarding old devices and setting up the right protections within an organization too.
Educating staff in the basics
The first step in managing this is for IT teams to educate employees about the risks involved with using personal devices for work purposes and then eventually discarding them. Employees should be trained in the security practices of an organization and also understand how that translates to personal devices.
Part of this should be educating staff on how to properly wipe the contents of their business smartphones if they eventually discard them to a second-hand store. This is not something that is considered by most organizations, but it should be.
Employees also need to be briefed to understand how to identify potential malware, phishing, or ransomware attacks on their personal devices. If employees are able to identify these threats, it mitigates risk of data being lost.
Ensuring the right protections are in place
If educating staff fails, there are some protections IT teams can put in place to mitigate risk even further.
- Constant software updates – if employees opt to use their devices for work purposes, this has to be under the precedent that the phone is updated regularly. Be sure to provide employees with the support necessary to deliver these updates.
- Multi-Factor and Password security – to minimize security risks, roll out a compulsory monthly password management change alongside modern multi-factor authentication methods. Also ensure that you are putting up restrictions around the type of passwords employees are using, making it less obvious to potential hackers.
- Encrypt data for protection – smartphones and tablets have encryption options that will provide protection of storage. Smartphones that are encrypted have a lower risk of being hacked.
- Clear all phone data – if employees decide to move on to a new device or stop using their current device, ensure you manage the deletion of all data from that phone and have a strict policy around discarding devices.
It is advisable, where possible, that IT teams automate these processes for staff, as this will free up their time and ensure that updates are routinely made by default. With the abundance of software available to automate such procedures, an organization’s best IT brains can add more strategic value to the business rather than performing these tasks manually.
Managing data in the new normal
As working from home became the new normal last year, it also became increasingly complicated to manage the sprawl of a company’s data. While these agile work trends had been predicted for the next 5-10 years, organizations were not prepared for them to become so mainstream – almost overnight. As we look to the future, this is only going to become more and more complicated.
The rapidly growing digitization of businesses across sectors is undoubtedly a significant undertaking, requiring clear objectives, strategy and buy-in at all levels. Understanding these challenges and breaking them down into smaller, more solvable areas to focus on is crucial for success. Protecting staff devices, for example, should be seen as a top priority, as it will help IT teams lay the groundwork for safer practice in the digital age.
Ultimately, it is important for IT teams to understand all the risks associated with managing more distributed workforces, as companies take on more flexible working arrangements over the coming year. A huge part of this is of course understanding the risks that come with using personal devices, particularly in the process of discarding them or sending them to a new home.
- Access your business network securely with the best VPN.