Also, "make sure employees use strong passwords on all devices," he adds. "Passwords are the first line of defense, so make sure employees use passwords that have upper and lowercase letters, numbers and symbols," Carey explains.
"It's also important to use a separate password for each registered site and to change it every 30 to 60 days," he continues. "A password management system can help by automating this process and eliminating the need for staff to remember multiple passwords."
Encryption is also essential.
"As long as you have deployed validated encryption as part of your security strategy, there is hope," says Potter. "Even if the employee hasn't taken personal precautions to lock their phone, your IT department can execute a selective wipe by revoking the decryption keys specifically used for the company data."
To be extra safe, "implement multifactor authentication such as One Time Password (OTP), RFID, smart card, fingerprint reader or retina scanning [to help ensure] that users are in fact who you believe they are," adds Rod Simmons, product group manager, BeyondTrust. "This helps mitigate the risk of a breach should a password be compromised."
Risk No. 3: Mobile Devices (BYOD)
"Data theft is at high vulnerability when employees are using mobile devices [particularly their own] to share data, access company information, or neglect to change mobile passwords," explains Jason Cook,CTO & vice president of Security, BT Americas. "According to a BT study, mobile security breaches have affected more than two-thirds (68 percent) of global organizations in the last 12 months."
Indeed, "as more enterprises embrace BYOD, they face risk exposure from those devices on the corporate network (behind the firewall, including via the VPN) in the event an app installs malware or other Trojan software that can access the device's network connection," says Ari Weil, vice president, Product Marketing, Yottaa.
Solution: Make sure you have a carefully spelled out BYOD policy. "With a BYOD policy in place, employees are better educated on device expectations and companies can better monitor email and documents that are being downloaded to company or employee-owned devices," says Piero DePaoli, senior director, Global Product Marketing, Symantec. "Monitoring effectively will provide companies with visibility into their mobile data loss risk, and will enable them to quickly pinpoint exposures if mobile devices are lost or stolen."
Similarly, companies should "implement mobile security solutions that protect both corporate data and access to corporate systems while also respecting user's privacy through containerization," advises Nicko van Someren, CTO, Good Technology. "By securely separating business applications and business data on users' devices, containerization ensures corporate content, credentials and configurations stay encrypted and under IT's control, adding a strong layer of defense to once vulnerable a points of entry."
Sign up for Computerworld eNewsletters.