Written by Rick Vanover, Senior Director Product Strategy at Veeam
It has become common practice for people to chase the latest technology trends. As tech becomes part of our everyday life, the lifecycle of our devices becomes smaller and smaller. This is posing a huge issue to the sprawl of data.
With the lifecycle of tech shortening, many are abandoning old devices at second-hand stores (thrift shops) and selling them to new owners without thinking about the data and personal information that is left on there. Many people are now working from home and opting to use a personal computer to get work done. This is making the challenge of controlling and managing your organisations data near impossible. With data now sprawling across the company and personal devices, there is no control over it, especially when it is sold on to its next home, left behind at a second-hand store, or thrown away.
To add to this, workplace trends like BYOD (Bring Your Own Device) are gaining popularity and making it harder for organisations to keep track of data. IT teams have less control over employees’ personal devices and so protecting the data on them becomes a challenge. Things like a lack of encryption or outdated operating systems can lead to potential hacks and data loss.
This is something organisations need to consider when implementing a cyber security strategy. This means educating staff in understanding the risks involved with discarding old devices and setting up the right protections within an organisation.
The first step in managing this is for IT teams to educate employees about the risks involved with using personal devices for work purposes and then eventually discarding it. Employees should be trained in the security practices of an organisation and also understand how that translates to personal devices.
Part of this should be educating staff on how to properly wipe the contents of their phones if they eventually discard it to a second-hand store. This is not something that is considered by most organisations.
Employees also need to be briefed to understand how to identify potential malware, phishing, or ransomware attacks on their personal devices. If employees are able to identify these threats, it mitigates risk of data being lost at all.
If educating staff fails, there are some protections IT teams can manually put in place to mitigate risk even further.
- Constant software updates – if employees opt to use their devices for work purposes, this has to be under the precedent that the phone is updated regularly. Be sure to provide employees with the support necessary to deliver these updates.
- Password security – to minimise security risks, roll out a compulsory monthly password change. Also ensure that you are putting up restrictions around the type of passwords employees are using, making it less obvious to potential hackers.
- Encrypt data for protection – smartphones and tablets have encryption options that will provide protection of storage. Smartphones that are encrypted have a lower risk of being hacked.
- Clear all phone data – if employees decide to move on to a new device or stop using their current device, ensure you manage the deletion of all data from that phone and a strict policy around discarding devices.
As work from home has become the new normal this year, it is becoming increasingly complicated to manage the sprawl of a company’s data. While these agile work trends had been predicted for the next 5-10 years, organisations were not prepared for them to become so mainstream in 2021. As we look to the future, this is only going to become more and more complicated.
It’s important for IT teams to understand all the risks as their companies take on more flexible working arrangements in the new future. A huge part of this is of course understanding the risks that come with using personal devices, particularly in the process of discarding them or sending them to a new home.