The main cause of security breaches is human error, there are numerous reports that support this evidence – a quick serach on reasons to use remote backup will bring back a plethora of fear inducing surveys and research projects supporting this notion.
The majority of this threat has been due to disgruntled employees and there are many companies who spend vast amounts of money on various data protection methods. SSL and layers of security are all very well, however, the new threat that is being earmarked is not necessarily based upon revenge or sabotage.
On the contrary, young workers are using their technological knowledge to circumvent their restrictive company email to increase their productivity. This is not a malicious threat but an issue nonetheless as younger workers excercise a level of careless efficiency.
In a study carried out recently by Mimecast, they found that ‘People under the age of 25 send work-related emails from their personal accounts and leak company information’. Such security breaches are clearly not neccesarily malicious and they may not be dangerous in nature. I don’t think that employees using personal email is the same as them stealing or selling company information.
If a worker decides to do this in a pre-meditated act then it is nigh on impossible to protect against and this is not due to the fact that information is now stored digitally – although it does make it easier to take larger volumes of work. Preventable security risks do always need protecting against and the most dangerous and malicious attacks would be likely to stem from such security failures.
Not securing against cyber-attacks, data theft or cases of public servants leaving people’s personal data on trains are all preventable. Companies should also be careful to control who has access to what information – such access is easily delegated in a cloud suite.
There are a lot of security measures centred around email, information storage and communications. But if the threat is younger employees using their own email accounts for work then that is a much more difficult problem. It requires man management and education rather than Information Security.
The report claims that ‘Over half of under 25s said that if they had an unlimited work mailbox they would be less likely to send work emails through personal accounts’, with 85 per cent of under 25s sending such emails – which wouldn’t be covered by and disclaimer let alone security measures, the problem does need to be addressed. Both Google and Microsoft offer Hosted Exchange Email products with default 25GB mailboxes – far more than any personal email account.
Both Gmail and Exchange Online via Outlook Web Access allow young users to operate in a familiar email environment – just with the added security that they are administered by the company.
Young users are using their personal email accounts in order to make themselves more productive – not in order to make their work less trackable or their practices less secure. Logging via SharePoint online or Google Sites can allow you to also track their work securely and allow them to better manage their workloads and measure their targets. A cloud solution allows all companies to be more productive and more secure – whilst only paying for what they need.