What comes to your mind first when you think about information security? You may be thinking of software tools, firewalls, encryption, passwords and several other electronic means of detecting and protecting information. However, have you thought about your employees?
Every employee can be a living, walking access path to the information contained within your enterprise which can bypass all the electronic protection mechanisms you have in place. Through their access credentials and their personal devices, one can obtain access to valuable information contained within your enterprise.
This gets magnified when you consider the myriad possibilities with employees working out of their home office in addition to using their BYODs. Therefore, Information Security begins at home with your employee. Let us see why.
As I outline in this post, BYOD is but a manifestation of similar paradigms that have existed in the past – PYOD->UYOE->SYOW->EYOH->BYOD. When we EYOH - extend your own home – we must watch out for the security violators whether such interactions happen by chance or choice:
1. The cost-effective neighbor – using your unprotected wireless network to access the information on your own network of personal and business devices at home.
2. The enthusiastic assistant – who happily browses through texts and phone calls on your mobile device on your behalf.
3. The competing family member - working for another organization in the same market as yours coming to know of the latest changes in your enterprise's marketing strategies.
4. The sharp-eared listener - stopping by to engage in casual conversation overhearing your conference call with other decision makers in your home office.
5. The hyperactive pet - casually strolling over your keyboard resulting in the dreaded send-key being hit at the wrong time. Far-fetched? Maybe. Real? Absolutely! This happened for real to one of my co-workers whose pet dog happened to take a walk on her keyboard resulting in an e-mail being sent one too many times – an instance of the wrong information being sent to consumers.
What can enterprises do to address such security concerns in the DNA of their information ecosystem -- the employee? They can educate their employees on security, privacy and ethics guidelines that must apply even they work at home. When they BYOD and EYOH, they must treat their home office as their workplace. Exercising their right to the privacy of the information on their personal devices -- work-related or otherwise would help as well.
How about you? What experiences have you had with information security at home? What measures has your enterprise taken to address such concerns? Please let me know.