In the current working environment it seems there’s new IT solutions in Organisations every day. Not only supplied through legitimate business direction, but also through a number of other departments. There are a number of trends that businesses need to be aware of that are impacting a company’s ability to manage and mitigate their business risks. These include Public Cloud Apps, Shadow IT, Millennials, and BYOD. (Don’t worry if these terms don’t make much sense to you just yet, be sure to read on!)
So how can you be sure that your organisation is compliant when it come to regulatory responsibilities? Or perhaps your duties as a Director?
When was the last time you assessed your company’s risk to vulnerabilities and breaches. Do you have a Risk Management plan in place?
An effective security and risk assessment can reduce the impact of breaches should these happen. It can also stop or reduce any reputational damage to your company or brand as a result of a breach or loss of IP.
There are basically three risk management components:
- Evaluation and assessment – Identifying assets and then evaluating their properties and characteristics.
- Risk assessment – Discovering the threats and vulnerabilities that pose risk to the assets (as identified in point 1).
- Risk mitigation – Address and mitigate risk via courses of action such as transferring, eliminating or accepting it.
A risk and security audit will generally provide information to allow a business to assess and then
mitigate risks associated with their business and systems.
How can we assist?
If you are looking at completing a Security and Risk Audit we can assist. From completing the audit through to documenting and recommending actions to assist in your Risk Management plans.
So how can we help? We have self-assessment tools to enable your team to complete the audit activities themselves.
Alternatively, we can provide a complete Risk and Security Audit service. If you would like to discuss your Risk or security position, please don’t hesitate to get in touch.
As a special offer for those clients the complete a Security and Risk Assessment we are offering a free three month trial of Kaspersky Security – Business Select for up to 10 devices/ users.
So what is Shadow IT?
From our good mates at Wikipedia
Shadow IT is a term often used to describe IT systems and IT solutions built and used inside organizations without explicit organizational approval. It is also used, along with the term “Stealth IT,” to describe solutions specified and deployed by departments other than the IT department.
So why are Millennials such a big issue for organisations?
Having grown up with technology they are “digitally integrated”, always connected with the digital world around them, both personally and professionally. Although they are always connected, how much thought has been put into the security or integrity of their personal information or devices. For some there is a clear delineation between Work and Play devices and applications, however for Millennials they don’t see a problem using personal devices and applications for work and vice versa.
According to a TrackIT survey, 60 percent of Millennials are not concerned with corporate security when they use personal apps, and 50 percent of them bring these personal apps into the enterprise. With data protection a top concern among businesses of all sizes, these statistics point to a need to understand the risks associated with working in this new paradigm.
Does your business have a strategy for this Bring Your Own Device world?
Providing uncontrolled, mobile devices access to your corporate network can offer many benefits – but also introduce significant security risks.
Do you know what Public Cloud Apps your employees are using for corporate use?
Data leakage through the uncontrolled use of Public Cloud Apps needs to be managed. How do you currently manage the apps and user controls around data that is up in the Cloud(s)?