Three Things That Give IT Security Specialists Nightmares

You know what scares us? The thought of business data floating around on unsecured networks, the dusty cobwebs of old sales presentations sitting on an unprotected virtual drive, and somewhere in the suburbs of outer Sydney an executive sending a confidential email over a “free” Wi-Fi network. Brrr…

Look, we get it. When you start a new job and go through all the inductions and security training, it’s a lot to take in. Then someone sitting next to you says “oh, there’s a quicker way, watch this.” That’s when mistakes happen.

The Future of Work study commissioned by Citrix showed that 40 per cent of Australian employees would disregard company security protocols and IT teams to access unsecured public Wi-Fi to get work done. It also found that 83% of employees were using non-business approved applications to get their work done.

These behaviours are not intently malicious, but a reflection on businesses that aren’t giving employees access to the right tools. Maybe it’s the fault of technology services or business procedures. Either way, we believe the main issue is that workplace technology has become far too complicated.

Coupled with the heightened prevalence of data breaches within contemporary workspaces, the situation becomes a terrifying concoction potentially leading to disastrous financial and productivity outcomes.

This Halloween we want to share a few scary stories of business IT blunders and how you can
avoid them. (Otherwise we may be telling your story next year.)

Here are three scenarios that are probably keeping your IT department up at night.

Rogue BYOD

How often do you use personal devices to complete work tasks? Using your own device might be a quicker and easier method for sharing information, files and even emails compared to an outdated office IT system. No problem, right? Wrong.

Picture yourself sitting on a train during your morning commute. You exit the train and the
doors slam shut just before you realise your personal laptop is still under the seat. This wouldn’t be a significant problem if you hadn’t downloaded a customer proposal to it to work on at home. Now it is accessible to any member of the public.

In another alarming example, the Royal Australian College of General Practitioners revealed some doctors have been caught capturing photos of patient diagnoses on their personal device before sending it to their colleagues for a second opinion.

Both situations have the potential to severely damage reputations and breach security of yourself, the organisation you work for, or worse your clients and customers.

Even though these people were just trying to get their work done, the manner in which they have done so, has put themselves, the customer and the organisation at risk. That’s why it is increasingly important to utilise technology that has been sanctioned by your IT dept as it will typically have the safeguards in place to protect you and any IP. Or if your office has a bringyour-own-device policy, make sure you follow the steps outlined by your IT teams and follow what they tell you.

Imagine waking up to an email asking why an upcoming policy change is plastered all over the
morning newspaper. Yes, heads will roll.

Unsecured Wi-Fi

Joining unsecured Wi-Fi networks can be very tempting when working remotely. Picture yourself sitting at an airport boarding gate or at your local coffee shop. On a scale of one to ten, how likely are you to access the public Wi-Fi network just to answer a couple of emails or send off a document?

As tempting as it is, opening corporate servers, data and Software-as-a-Service (SaaS) applications through unsecured networks could have major consequences for you and your business.

How would you and your boss feel realising an unknown party gained complete access to confidential business information because you thought it would be easier to avoid your company’s security protocol?

To prevent the likely disaster of a data breach, employees should always use protected devices through a VPN and re-consider if the information they are sharing is confidential or sensitive. Contrary to popular opinion, IT teams aren’t there to make you jump through hoops, they know their stuff and want to keep businesses operating efficiently and securely.

Just ask anyone who’s been involved in a data breach whether it was worth cutting corners.
Our guess is it’s not.

Wrong tool for the job

Have you ever been a culprit of sending a private social media message to the wrong recipient? If not, consider yourself lucky because there is no worse feeling.

Although a simple mistake, when you apply this scary security story to a professional working
environment the consequences are far more severe.

As businesses continue to experiment with social media platforms that could potentially boost
employee engagement and productivity, it poses a risk that confidential information will be
leaked to the public.

In other instances, workers found it easier to send work documents to their personal email
addresses or upload them to personal cloud storage, risking the integrity of commercially
sensitive information.

Two things businesses need to do to ensure employees are well equipped – technology and training. Each and every employee must have access to the technology software and hardware they need to do their jobs, and the training to understand the rules around IT use. This will reduce the instances of employees looking outside the company IT ecosystem when trying to get work done.

One surefire way to avoid these sort of mix-ups is to restrict work conversations to professional platforms designed for business and provided by your IT teams. Programs like Microsoft Teams and Citrix Sharefile for documents.

So, this one lesson is for the business leaders, if someone says they want a certain program to do their work, listen to them. Not only could it make your employee more productive, they’ll feel validated that you listened and won’t try to go around you and do it their own way.

Reducing employee frustration around technology is the first step to reducing the likelihood of employees wanting to step outside IT boundaries and search for other tools to get work done, potentially compromising the safety and security of the business, and its clients and customers.

And if you don’t want a horror story at a Monday morning meeting, remember to listen to IT teams,
talk to your team members, and find ways of working that keep your data secure.

Safi Obeidullah is Technology Strategist & Field CTO, APJ for Citrix Australia and New Zealand.


One response to “Three Things That Give IT Security Specialists Nightmares”

Leave a Reply