CIOs believe their employees are their biggest security risk

Singapore’s Chief Information Officers (CIOs) are stepping up their fight against the security risks posed by the widespread use of Bring Your Own Device (BYOD) practices, where employees use their own laptops, tablets and smartphones at work.

According to a recently published report, Cyber-security – Defending your future, commissioned by specialist recruiter Robert Half, more than one in three (36 per cent) CIOs say a lack of employee knowledge and skills around data security is the most significant security risk their organization will face in the next five years.

While traditionally, the response to IT security has been to find the optimum way to protect a business’ assets from external security attacks, a growing risk now faces organizations in the form of potential internal security threats. This threat is made evident by the fact that almost three in four (74%) CIOs allow their employees to access corporate data on their personal devices.

“BYOD practices pose a major cyber-security threat which requires protecting corporate networks and data, mobile device management, and developing security policies,” says Matthieu Imbert-Bouchard, Managing Director Robert Half Singapore.

Although it may not be intentional, simple human error can expose companies to increased cyber-attacks and situations where sensitive company data can be compromised. The impact of a data security breach on a company’s reputation can be devastating and it can take years to win back customer confidence, so proactively developing a robust IT security strategy should be a top priority.”

“However, BYOD practices offer many advantages such as increased employee satisfaction, productivity and cost savings, so companies must take steps to balance both their employees’ needs and their security concerns.”

To combat the ongoing threat posed by BYOD, nearly all (97 per cent) of CIOs are taking action to protect their company from potential data breaches.

The most common response (58 per cent) is to train personnel on cyber-security policies and corporate practices when using their personal devices. Signing an acceptable use policy also seems to be standard practice for more than half (57 per cent) of the Singaporean companies. Technical applications are being implemented as 53 per cent say they are deploying mobile device management technology and 52 per cent are using authentication software.

There is an increased demand for IT security specialists with the niche skills needed to protect companies against data security risks, including risks related to BYOD. But finding the right skillset is a challenge, with 100 per cent of Singaporean CIOs saying it is difficult to source skilled technology professionals, with one in three (29 per cent) saying professionals with mobile security skills are the most in demand.

“Protecting their company from cyber-threats posed by BYOD is a crucial issue for all CIOs. The solution is to treat IT security as a continuous enterprise-wide process while making all employees aware of the risks associated with email, social media and confidential information,” Imbert-Bouchard concluded.