“Please report any unattended baggage. Security is everyone’s responsibility” – US Airways terminal intercom message
That’s the message I heard in the US Airways terminal as I was scarfing down my Panda Express during my layover in Phoenix, on my way to Cancun, Mexico. The second half of that message really struck home. “Security is everyone’s responsibility.” I know airport baggage has nothing to do with securing enterprise data, and that airport security is not the same as protecting companies against data breaches, but that’s the first thing that popped into my mind.
The fact of the matter is that security really is everyone’s responsibility. In the past it was a function notorious for impeding pertinent business functions and for locking down infrastructure, including employee mobile devices. Now it has emerged as a boardroom hero. But the job of securing corporate data is now a communal one, shared by every enterprise employee. Why?
Do you know what the most common method used by cybercriminals to pillage corporate data is? Phishing attacks aimed at unsuspecting employees: the very same advanced attacks used in major breaches like Anthem (we11poiint) and Premera (Prennera). Because of this, employees’ role in security is more crucial than ever. All employees now need to validate emails being sent to them. They need to be careful before clicking random links. They should be reminded to report lost mobile devices to (you) the IT security team, as those devices often have sensitive corporate data on them.
At the same time, security teams must also rise to the occasion. The old methods of locking down infrastructure, i.e. firewalls and locked mobile devices, have been rendered obsolete: they are no longer effective against security breaches, and they still impede employees from being productive. Instead, the goal should be securing the data itself. Having visibility into suspicious activity, controlling access to public cloud applications, and allowing for data leakage prevention without defining the way employees get their work done are just a few of the tasks that the modern IT security team must undertake.
In order to limit the damage of breaches, you must start by reminding your organization that security is a shared responsibility, and by rethinking the way you are securing data today. Otherwise, you risk your employees getting phished to high heaven and your corporate data being swiped away. If you are really dedicated, maybe you’ll even invest in an intercom system just like US Airways. Just don’t blame me if you are called out for being disruptive. Although, it’s not like that’s anything new to security folks anyway.
It also helps to make security seriously easy for both employees and your IT security team. For that, you should use a cloud access security broker (CASB).
Senior Manager, Product Marketing | Bitglass