Opinion

Why security in the connected workplace is everyone’s business

There was a time when cyber security was limited to a desktop computer with antivirus software. In today’s digital world, risks to networks and devices come in more forms and from more directions than ever before where destructive threats emerge every day and undiscovered vulnerabilities are exposed, proving that you can never be too secure.

As attacks have become more sophisticated and widespread in the last few years, companies are rethinking security in the workplace. From identity theft and intellectual property loss to infections by viruses and malware, IT administrators are tasked with adequately protecting information and assets from threats from the outside as well as within.

In the Middle East and North Africa region, security represents one of the major risks affecting businesses and individuals today. According to the latest forecast from Gartner, spending on enterprise information security technology and services is on pace to reach $1.9 billion in 2019, an increase of 9.8 percent over 2018. IT administrators are increasingly recognising the need for a holistic security strategy that can be applied at every level of the organisation — from servers, desktops and devices such as printers and multifunction devices, to the networks that connect them all. Although most companies have invested in preventing external attacks, 35 percent of all electronic crime is committed from malicious insiders and a third of data leaks come from within.

There is a vital need to help limit data loss, protect against unwanted device use, and mitigate the risk of information networks being compromised.  With evolving communication technologies, we’re far more interconnected than ever before. Highly confidential, sensitive and business-critical data is transmitted via a range of devices and information networks. It’s not enough to secure this data securely. If a business isn’t equipped to also secure the transmission of this data, they make themselves vulnerable to a potential information security breach.

Organisations can secure their information by managing the critical aspects of people, documents, devices and the network.

Encouraging a security culture among employees:

One of the biggest security threats is end user carelessness or human error. These mistakes include sharing passwords, leaving devices unattended, not deleting old information, carrying unnecessary documents outside the office, to name a few. These errors can be easily avoided by implementing a written security policy, ensuring restriction to critical data, destroying old data in a timely manner and conducting awareness trainings to educate employees.

Mohamed El Bahrawy, Canon Middle East
Mohamed El Bahrawy, Canon Middle East

Managing and monitoring access goes a long way in ensuring risk management and protecting critical information. At an organisational level, device security protocol can be designed at an individual level by assigning each employee with particular credentials, or at a resource level where access can be determined according to roles and responsibilities.

Promoting document and data protection:

According to the recent Canon Office Insights 2018 research, incidences of documents going missing have happened to around 70 percent of businesses in the Middle East. The most common consequence this seems to have had is additional spend to reproduce lost documents, in 47 percent of cases.

A few ways to add a layer of security include document password protection, encrypting features, secure watermarks on corporate information and secure disposal of unattended or older documents.   The research shows that around 40 percent of staff in the region worry about the consequences of staff losing or leaving unsecure documents, and around 20 percent agree entirely that most employees are unaware of the risks of data loss through documents. A variety of controls should be implemented to help prevent unclaimed printed documents from sitting openly in the exit tray of the device, to encrypt data in transit to the printer or stored on the device’s internal hard disk drive, to help protect information on documents scanned and sent from a Multifunction Printer, and to help protect all passwords, address books, encryption keys and certificates that may be stored on the device.

The good news, highlighted in the Office Insights 2018 research, is that 46 percent of businesses in the Middle East region are most likely to be enhancing document security in the next 1 or 2 years whereas the average for other regions around the globe is only 25 percent. This concern is translating into real-world action in this region, with 55 percent consulting with external specialists to help them with document management solutions, and 67 percent opting to use cloud-based solutions.

Securing the end points:

Technologies like multifunctional printing, copying and scanning devices are some of the world’s most popular business-communication tools. But as an input and output product, an unsophisticated device can leave your business vulnerable. This is exacerbated by the risk of exposed hard drives, which can further compromise the protection of confidential material.

Often, networked printers and multifunction devices are ‘end points’ that could be entry points for malicious activity. In general, these devices should not be allowed to have an open connection to the internet, should have a private IP address and should always be placed behind a corporate firewall, among other protections. There should also be a number of network security features incorporated in the device which helps guard against the consequences of unauthorised network intrusions.

What many organisations don’t consider is that even when disposing of old printers and multifunctional devices, or returning them after lease, residual information can remain on the hard drive and it is essential to clear this prior to moving these out of the secure working environment.

Whether it’s through digitising hard copies or ensuring information seamlessly interacts within a business, keeping data secure is integral to everything. Sensitive data in the wrong hands can not only lead to the end of a business but can also have other severe consequences such as exploitation. With information being a prized asset for organisations, information security becomes the responsibility of everyone, from employees to business leaders, at the workplace.

 

Previous ArticleNext Article

GET TAHAWULTECH.COM IN YOUR INBOX

The free newsletter covering the top industry headlines