Cultivating corporate data hygiene

Michael Covington at Jamf explores the trade-off between convenience and privacy

 

Personal privacy erosion is a contentious issue. From big social media conglomerates to criminal gangs, individuals are subject to an unprecedented number of entities seeking access to their personal information. 

 

This isn’t limited to brands attempting to sell and market products either. Many employers are finding themselves in possession of sensitive data, even if they didn’t seek it in the first place. Sometimes they have an outdated mindset of monitoring user productivity, but other times it’s because they only know about tooling that wasn’t developed for the modern age.

 

Companies have a responsibility to safeguard data; as they embrace new ways of working (e.g., remote work) and allow new device types and ownership models (e.g., mobile or BYOD) they have to modernize their approach to managing those devices whilst ensuring the security of both personal and corporate data. 

 

Privacy preservation must begin with the individual 

One of the primary issues in corporate data security is the balance between convenience and privacy. The user must play a part in protecting their own personal data rather than relying exclusively on the systems around them to do so. 

 

For example, most employees might often opt for convenient memorable passwords and reuse them across different applications. Ultimately, this convenience comes at the expense of protecting data and their identities.

 

As humans, we tend to avoid risks. Yet, digital privacy warnings don’t always cut through. Many will hit the "click to agree" button on an application without weighing potential security or privacy implications for even a moment. The reason for this naivety is because users see such request as a minor ask, and human nature is to overcome hurdles to achieve their goals.

 

End users also frequently neglect opportunities to remove unnecessary apps, review security configurations, or scrutinise app permissions. This means that there is a dire need for companies to impart knowledge about best cyber hygiene practices to employees.

 

The importance of workshops, training and sharing

Security leaders can drive change by instigating regular initiatives such as “data privacy hygiene days” or providing workshops and training dedicated to bolstering personal data privacy. The provision of tutorials and timely alerts, disseminated via platforms such as Slack or interactive seminars, can also cultivate and reinforce good security habits among employees.

 

Nevertheless, whilst organisations routinely allocate resources for training schemes intended to shield corporate data, there is scope to go further. An employee with a heightened awareness of personal security threats is in a better place to adopt improved practices at the workplace, promoting an environment of vigilance and mutual benefit.

 

It’s also important for organisations to build trust with employees and encourage them to share their experiences related to privacy and personal online security not just with IT but with each other to foster ongoing awareness, which can only be possible if leaders stop shaming employees who fall victim to cyber-attacks.

 

Transparency in the modern workplace

Whilst organisations counsel their employees on the importance of judging which applications and third parties gain access to their data, the companies have their own responsibilities to uphold. Organisations must exhibit equivalent transparency, offering clarity to employees regarding the scope and nature of the data they are privy to.

 

However, keeping users informed requires more than token gestures. It demands an informed and intelligible communication method, fostering an environment where open dialogues can flourish. Employees should feel empowered to enquire and understand the nuances of how the organisation manages and processes their data. 

 

Organisations can encourage transparency across the entire user journey in a number of ways: 

• Allow users to opt-in to their IT experience; by taking an active step in enrolling devices, they become part of the process and better understand the environment that is created for their personal productivity. 
• Be transparent with data collection standards and enforced policies so users are free to establish a set of personal workflows that are in-line with organisational expectations.
• Provide the tools that enable productivity, not those that emphasise blocks and restrictions; users need to feel empowered to work, not like they are tip-toeing around a minefield.

 

Modern devices require modern policy

It is very important for companies to build trust and have transparency regarding data access and collection through management and security tools deployed on users’ devices. Whether the device is part of a BYOD scheme or is company-provided, employees still need to consider what is happening to their data. 

 

Organisations should see data privacy and security as conjoined entities, mutually reinforcing and collectively aiming to diminish risks. An evolving corporate ethos recognises the significance of security tools and is also attuned to preserving employee privacy.

 

Furthermore, in a rapidly changing digital environment, employees must seek clarity about the extent of the employer’s visibility over their data. Armed with this knowledge, they can make informed choices, such as segregating professional and personal data across two devices.

 

An educated and empowered employee, who is equipped to champion their data privacy, is a shield for their device and helps elevate the security stature of the organisation.

 

The safeguarding of personal and professional information is of paramount importance. For businesses, the challenge lies in implementing robust security measures and cultivating a culture of transparency and education.

 

Companies can bridge the gap between security and privacy by ensuring employees are both aware of and actively engaged in data protection processes. The convergence of these principles fosters a trusted, informed workplace, safeguarding corporate integrity whilst empowering individuals.

 

With trust and transparency, organisations and employees should work towards a secure digital future.

 

---

 

Michael Covington is VP of Strategy at Jamf

 

Main image courtesy of iStockPhoto.com