As small business owners move more data to the cloud, many are beginning to realize that their employees represent one of their most serious security risks.
More than 60 percent of small business employees are accessing company-related data through their personal devices, such as smartphones and tablets. And that percentage is expected to increase with the likely proliferation of wearables such as the Apple Watch. In fact, a recent Cisco forecast predicts that there will be nearly 600 million wearable devices in use by 2019.
This trend reinforces the fact that what we commonly call shadow IT — software, services, and devices that are used by employees without their IT department’s knowledge — poses a real challenge. The good news is that many employers are beginning to recognize this threat. In fact, 77 percent of respondents to a recent survey tagged employees and users as their greatest vulnerability.
To protect your small business, you need to strike the right balance between giving employees the tools they need and maintaining your company’s data security.
Ditch the ‘control’ mentality
Seven in 10 small businesses already use the cloud (or plan to) this year, that same survey showed, so it’s time to get serious about shadow IT. In the past, IT departments have simply banned certain programs or practices, but that’s no longer feasible.
If employees don’t have reliable and sanctioned software options, they’ll find their own. And thanks to the consumerization of IT, which has placed intuitive technology in the hands of nontechnical people, they have plenty of options, too. This makes security compliance even harder to enforce.
For example, chief information officers estimate that so-called shadow IT represents a cost hike of 40 percent over their official IT budget. At the same time, Gartner’s estimates suggest that IT departments are losing control of IT budgets; it was estimated that by this year, 35 percent of enterprise IT expenditures would be managed outside of the IT department’s budget.
Shadow IT has ushered in an entirely new set of challenges for businesses and IT departments. It’s clear that the old control mentality is no longer effective; rather, you need to manage the inevitable. It’s time to emphasize collaboration to make sure everyone is on the same page about data security.
Focus on mitigating your risk
You must recognize this trend and help your departments work together to find solutions to increase productivity while maintaining security. Here are some other best practices:
Encourage interdepartmental meetings. Every department in your company should be focused on the same goal: driving the business forward. Make sure IT is abreast of all departmental objectives and challenges. If you get people talking, they’ll collaborate to find the right systems to meet all departmental needs while maintaining data security.
Think twice about outsourcing data security. It’s important for you to take control of your sensitive and proprietary business functions — especially data security. When choosing cloud vendors, ask about their encryption and operational methods. Are they in compliance with your industry’s regulations? Get assurances in writing to protect your assets, and ensure your employees are trained on the difference between internal and external cloud security policies.
Implement intuitive policies, procedures, and systems. Your employees can go from being your biggest risk to your biggest asset if you can get them involved in the process of creating cloud security policies, procedures and systems. Take the collaborative approach by pairing an IT project manager with a person from each affected department. This helps meet your employees’ needs while keeping security in mind.
Gather and share information on security risks. Take the time to stay informed about the latest digital security threats, and share your findings with employees via training programs. According to PricewaterhouseCoopers, companies that don’t provide security training lose an average of $683,000 annually, while companies that conduct training lose around $162,000.
The real key to minimizing your risk is to bring everybody to the table. Although your IT team needs to prioritize security, it also must arm your employees with the productivity tools they need. If you use a collaborative approach to create clear security policies and inform and train your employees, you’ll give yourself a much better shot at company-wide buy-in.
Tom Smith is the vice president of business development and strategy for CloudEntr by Gemalto, based in Austin, Texas. Smith has more than 30 years of experience with security, mobile and cloud technologies, including founding executive roles at four technology companies.