I recently read an interesting article on CIO.com about the Internet of Things compromising business security. The article brought up some interesting points with regard to the “devices” that manage our lives and the new concern that each device brings up. Locks that are controlled with smart phones, climate control devices like Nest and mobile devices with access to company resources are improving the way we work and live, but they’re also opening up security holes left and right. So, what’s the solution? Ban these devices? Limit the number of Wifi-accessible coffee makers that we allow in our offices? We say no. We say bring technology in and embrace it – but be logical about it. Here are a few tips for embracing new technology while minimizing risk.
Tech for tech sake vs tech with a purpose.
Perhaps one of the most important things for a growing business attempting to embrace technology is that you understand exactly what the technology that you’re bringing in does. So often, organizations bring in new gadgets and are unsure of their capabilities. Without a full understanding of every feature behind a piece of technology, your IT staff cannot protect against security issues associated with it. For example, there are dozens of articles about the security concerns surrounding the Apple Watch. A great example is this article from PCMag, which essentially calls the Apple Watch “another BYOD headache.” Devices are great, but IT and the Executive Team should work together before introducing a new device that will integrate with any company data to understand exactly how they can use it and what the security concerns are.
Address all the security concerns.
Once you have a full understanding for where the security gaps are, address them. Adding passcodes, requiring permissions and authorization or limiting feature access is a great way to address concerns with mobile devices. But when it comes to other “smart devices” it may be as simple as beefing up your infrastructure security to minimize exposure through that device. An IT security professional or strategic consultant can give you the best idea for how to address any exposure.
Create a policy for each device.
While this seems pretty no-brainer, you should have a clear outline of exactly how new devices should be interacted with by your users. Just like an internet security policy, an acceptable use policy for devices that are brought in by your users and your organization will help to clarify how devices that connect to your network and accesses company data should be used. The policy should clearly outline that users shouldn’t visit unsafe websites or download unsafe files. Rules and standards like the ones you’ll set forth in this policy will help minimize risk of undue exposure to security threats.
The way that we interact with the world around us is changing. The equipment that we use on a daily basis is also changing. In order to take advantage of the emerging technologies, we must pay attention to security and minimize risk, but also be careful that we’re not eliminating opportunity by writing off new technology as a security risk. BYOD started off as a “security” risk and now employees have the flexibility of technology and business data on the go with their device of preference. Be sure to partner with an IT professional that can help you navigate your way through emerging technologies, determine which can benefit your business and put policies in place to manage the security risks associated with those particular devices.