It’s important to start with getting the basics right—creating an acceptable use policy, using strong passwords, encrypting devices, training employees and securing cloud-based systems. But security isn’t just about keeping attackers out and telling employees what they can't do. It’s about empowering your people to do more, to innovate and to do their best work.
Get the basics right.
Failing on basic security?
Many organizations still aren’t doing enough to protect their mobile devices. Less than half (46%) said that they change all default/vendor-supplied passwords, and only 51% said they encrypt sensitive data when it’s sent over public networks. Yet these are two of the most fundamental security precautions—along with regular security testing and restricting access to data on a “need to know” basis. Only 13% of companies had all four of these basic precautions in place. This isn’t a one-off; it was 14% in our first report and 12% in last year’s edition.
Worried about phishing?
Year after year, we see companies get hit by phishing attacks. Yet less than half of organizations (49%) in our survey said that they give their employees ongoing training on IT security. Having email protection in place is important, but it’s not enough on its own. As we’ve mentioned, hackers are constantly innovating and finding ways to slip through these filters.
You can greatly improve your defenses by providing employees with ongoing training:
- Teach them how to recognize and report phishing, whether it comes via email, calls, apps or SMS
- Test their knowledge regularly
- Run mandatory retraining for those who score badly
Letting malware through?
Official app stores are constantly working to improve their scanning techniques and implementing more robust security filters, making them safer. However, many companies are letting employees roam the web and install whatever apps they choose, without such safeguards.
Despite the risks associated with malware and third-party apps, only 54% of organizations said that they restrict which apps their employees can install on mobile devices. And only 61% of organizations said they had a mobile device management (MDM), enterprise mobility management (EMM) or unified endpoint management (UEM) solution in place.