According to Osterman Research, 95% of business users primarily communicate via email. Of emails sent, 98% were sent with attachments. Secure? Highly doubtful. Mobile devices and BYOD, has unlocked a hornets nest and has put security of confidential information at risk. In the BYOD world, who owns the content, the owner of the device or the organization? Does the organization have the right to access the device to identify confidential information? Current court cases will decide the outcome.
Complicating security issues, social has entered the business world. Accepted in a court of law, the organization is responsible for tweets, social postings, Facebook, and instant messaging, even if it is an end users personal account. Security breaches should be an organizational priority. Did you know that most breaches are caused internally, either through negligence or deliberately? And the security holes only grow deeper into sink holes with no escape.
Oddly enough, C-level folks state unequivocally that they are concerned with cloud security. Rightly so. On the other side of the coin, they tend not to do a lot about it. Some have the attitude that a couple of million dollars to remedy the situation is pocket change as opposed to being prepared for the worst. It isn’t only the money, for better or for worse the impact on the brand and the attitude of customers can be worth much more than remediation. It takes years to build a brand, and depending on the data exposure, it can be destroyed.
They have made their perimeter a fortress, but most exposures are internal. Spending time documenting your security holes within the organization may influence organizations with lax rules to tighten their belts on security processes, access, and define what is and what is not confidential.