As if we didn’t have enough examples this year, the “Corporate Boards Race to Shore Up Cybersecurity” article in The Wall Street Journal reinforced one of our greatest challenges as CIOs and CISOs. How can we enable our business to be more agile and successful, while minimizing risks and protecting our company, intellectual property and customers?
Previously, everyone used the same kind of computers on the same corporate network in the same offices. Alas, those days are gone. Today, we aren’t just defending against denial of service attacks – we are vigilantly protecting our companies from more organized, persistent threats to infiltrate our environment and exfiltrate our intellectual property. On the flipside, we must mitigate risks with a more mobile, global and social workforce that expects their IT capabilities at work to mirror the IT experience they have in their personal lives.
Consequently, as CIOs and CISOs, we need to delicately balance both our potential security risks and our employees’ productivity and privacy. Here are two instances to consider:
- I discussed the hybrid cloud in a prior blog. However, we must ask ourselves, have we made it easy for our business users to quickly, conveniently and cost-effectively leverage our private or hybrid cloud services to achieve their goals instead of using a less secure public cloud service? If not, we need to.
- The second instance revolves around our always-connected, mobile workforce. We recently surveyed 15,000 individuals globally and published the EMC Privacy Index, which captured the following stats:
- While 91% of respondents value “easier access to information and knowledge,” only 45% say they are willing to trade some of their privacy for easier access.
- While half of the respondents’ phones, email and social media accounts have been breached, 62% say they don’t regularly change their passwords; 33% say they don’t customize privacy settings on social media; and 39% say they don’t password protect their mobile devices.
Our users need access to information whenever, wherever and from whatever device they use. To accomplish this at EMC, we have deployed mobile device management, sync and share services, and are starting to roll out unified communications. While each of these services includes security elements, their objective is to enable our employees to be more productive and access the information they need without impacting our risk profile or their privacy.
That said, cybersecurity risks aren’t going away. In addition to applying Big Data analytics to monitor our environment for external threats, we must also continue to educate our employees about how to navigate the cybersecurity threats they encounter daily. After all, they are our first line of defense.
How are you balancing risk and productivity in your organization?