It has become common practice for people to chase the latest technology trends. As tech becomes part of our everyday life, the lifecycle of our devices becomes smaller and smaller.
This is posing a huge issue to the sprawl of data.
By Rick Vanover, Senior Director of Product Strategy for Veeam Software
With the lifecycle of tech shortening, many are abandoning old devices at second-hand stores (thrift shops) and selling them to new owners without thinking about the data and personal information that is left on there.
Many people are now working from home and opting to use a personal computer to get work done. This is making the challenge of controlling and managing your organization’s data near impossible. With data now sprawling across the company and personal devices, there is no control over it, especially when it is sold on to its next home, left behind at a second-hand store, or thrown away.
To add to this, workplace trends like BYOD (Bring Your Own Device) are gaining popularity and making it harder for organizations to keep track of data. IT teams have less control over employees’ personal devices and so protecting the data on it becomes a challenge. Things like a lack of encryption or outdated operating systems can lead to potential hacks and data loss.
This is something organizations need to consider when implementing a cybersecurity strategy. This means educating staff in understanding the risks involved with discarding old devices and setting up the right protections within an organization.
The first step in managing this is for IT teams to educate employees about the risks involved with using personal devices for work purposes and then eventually discarding them. Employees should be trained in the security practices of an organization and also understand how that translates to personal devices.
Part of this should be educating staff on how to properly wipe the contents of their phones if they eventually discard them to a second-hand store. This is not something that is considered by most organizations, but it should be as one in 10 Australian mobile consumers are choosing to participate in the second-hand phone market.
Employees also need to be briefed to understand how to identify potential malware, phishing, or ransomware attacks on their personal devices. If employees are able to identify these threats, it mitigates the risk of data being lost at all.
If educating staff fails, there are some protections IT teams can manually put in place to mitigate risk even further.
- Constant software updates – if employees opt to use their devices for work purposes, this has to be under the precedent that the phone is updated regularly. Be sure to provide employees with the support necessary to deliver these updates.
- Password security – to minimize security risks, roll out a compulsory monthly password change. Also, ensure that you are putting up restrictions around the type of passwords employees are using, making it less obvious to potential hackers.
- Encrypt data for protection – smartphones and tablets have encryption options that will provide protection of storage. Smartphones that are encrypted have a lower risk of being hacked.
- Clear all phone data – if employees decide to move on to a new device or stop using their current device, ensure you manage the deletion of all data from that phone and a strict policy around discarding devices.
As work from home has become the new normal this year, it is becoming increasingly complicated to manage the sprawl of a company’s data. While these agile work trends had been predicted for the next 5-10 years, organizations were not prepared for them to become so mainstream in 2020. As we look to the future, this is only going to become more and more complicated.
It’s important for IT teams to understand all the risks as their companies take on more flexible working arrangements in the new future. A huge part of this is of course understanding the risks that come with using personal devices, particularly in the process of discarding them or sending them to a new home.
About the Author
Rick Vanover (Cisco Champion, VMware vExpert) is the Senior Director of Product Strategy for Veeam Software based in Columbus, Ohio. Rick’s experience includes system administration and IT management; with virtualization, cloud, and storage technologies being the central theme of his career recently. As a blogger, podcaster, and active member of the IT community, Rick builds relationships and spreads excitement about Veeam solutions. Before becoming the “go-to” guy for Veeam questions, Rick was in system administration and IT management. His community designations include VMware vExpert and Cisco Champion.
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.