As companies continue to strive for greater workforce productivity, they are not always aware of the inherent risks new technologies introduce and therefore don’t adequately plan to address them. For example, they may not realise the fact that negligent end users are among the top causes of data breaches within organisations, with an estimated 39% of data breaches resulting from insider actions.
End User Compliance Security Risks
Because end-user compliance has a direct impact on a company's ability to reduce its data breach risk, unintentional and deliberate non-compliance with company security protocols on mobile devices creates significant security risks. The impact of non-compliance is substantial. The total cost of a data breach for Australian companies is currently estimated at $2.2 million, and the associated fines for non-compliance with the new Notifiable Data Breach legislation can reach $2.1 million. Improved end-user compliance helps mitigate this risk, and effective compliance policies correlate directly with corporate security: the more compliant an organisation's end users are, the stronger its security.
Getting the right balance of workforce effectiveness and corporate security is difficult. End users can be reluctant to follow corporate security policies because they view them as an obstacle to productivity. Compliance protocols that are time-consuming and obstructive may cause employees to try to circumvent them, reducing their effectiveness and putting data at a high degree of risk. This is where role-based 'Persona' profiles become an asset for corporations. These profiles give each end user granular access to the data relevant to their tasks, providing the insights and tools required for productivity, while removing access to data and systems not associated with their work. That restriction is necessary for companies to comply with the new Notifiable Data Breach regulations.
These role-based profiles would then serve to define the Active Directory credentials of end users, for example, and to apply single sign-on standards. Single sign-on is an efficient, flexible way for users to access their work without creating too many obtrusive barriers. However, single sign-on breaks down when companies use a generic login name, such as 'user' or 'sales', or when users find other ways to circumvent the system to access data and systems. Companies that allow generic logins cannot see the identity of the user accessing their data, resulting in a loss of transparency regarding end-user compliance and safety. If a data breach occurs, whether through human error or malicious intent, IT security needs to be able to identify the user associated with the breach. This is another reason why role-based profiles are an asset to corporate security when it comes to mobility: they enable companies to manage end-user access appropriately, in balance with effective workforce productivity benefits.
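As an added illustration of the two points above (this is example code, not imei's), the following script models hypothetical persona profiles as sets of permitted scopes, refuses access for generic account names such as 'user' or 'sales' because a breach by such an account could never be attributed to a person, and scans constructed single sign-on log lines for successful generic logins that a security team would want to review. The persona names, scopes and log format are all assumptions for the example.

```python
"""Role-based persona access with accountability checks for generic logins.
Added example; persona names, scopes and log format are hypothetical."""
from dataclasses import dataclass
import re

# Hypothetical persona profiles: role -> data/system scopes that role may use.
PERSONAS = {
    "sales": {"crm.read", "crm.write", "quotes"},
    "finance": {"ledger.read", "payroll"},
    "field_tech": {"tickets.read", "tickets.write"},
}

# Account names that identify a role or nobody in particular, not a person.
GENERIC_ACCOUNT = re.compile(r"^(user|sales|admin|guest|test|shared|temp)\d*$", re.I)


@dataclass
class Decision:
    allowed: bool
    reason: str


def authorize(account: str, role: str, scope: str) -> Decision:
    """Allow only named accounts, and only scopes inside the account's persona."""
    # A generic/shared identity cannot be tied to a person, so deny it outright.
    if GENERIC_ACCOUNT.match(account):
        return Decision(False, f"generic login '{account}' is not attributable")
    if scope not in PERSONAS.get(role, set()):
        return Decision(False, f"scope '{scope}' is outside persona '{role}'")
    return Decision(True, "ok")


def audit_generic_logins(log_lines):
    """Return (timestamp, account, source) for successful generic sign-ons."""
    findings = []
    for line in log_lines:
        m = re.match(r"(\S+) LOGIN (\S+) result=(\w+) from=(\S+)", line)
        if m and m.group(3) == "success" and GENERIC_ACCOUNT.match(m.group(2)):
            findings.append((m.group(1), m.group(2), m.group(4)))
    return findings


SAMPLE_LOG = [  # constructed sample lines, not real data
    "2024-03-01T09:02:11Z LOGIN j.smith result=success from=10.1.4.22",
    "2024-03-01T09:05:40Z LOGIN sales result=success from=10.1.4.50",
    "2024-03-01T09:06:02Z LOGIN user result=failure from=10.1.4.51",
    "2024-03-01T09:07:19Z LOGIN user3 result=success from=10.1.9.8",
]

if __name__ == "__main__":
    print(authorize("j.smith", "sales", "payroll"))
    print(audit_generic_logins(SAMPLE_LOG))
```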
Policies and Procedures
Awareness is also a key part of ensuring effective end-user compliance. End users need to be educated about their company's compliance policies, understand the impact on the company of breaches of client information, and understand how their use of mobile technology affects this. Organisations should ensure that their policies and procedures are easily accessible to employees, that users are notified of any changes to these policies, and that they are reminded of existing compliance regulations on a regular basis.
If you have any questions about the Notifiable Data Breach regulations and end-user compliance within your organisation, or if you have questions about how to create effective and manageable profiles for your users, get in touch with imei today. Our professional consultants can help you build a more secure, successful mobile strategy.