The Bring Your Own Device (BYOD) trend has had a huge impact on the way in which many firms do business, having a particularly significant impact on the working culture of employees.
Many workers have arguably enjoyed the freedoms that come with using their devices so much that they are now beginning to see BYOD as a right rather than a privilege.
As a result, chief information officers have found the prospect of keeping control a tough proposition, leaving many systems potentially exposed to data breaches and malicious attacks.
Added to those challenges is the fact that the multi-channel nature of many attacks makes it all the more complicated to draw up a strategy that is truly effective in protecting sensitive data.
The main goal of a BYOD strategy should therefore always be about ensuring that employees can remain independent, but without surrendering control. Always ensure that at least the most basic threats are handled in the correct way.
But while setting up a standard code of conduct for using mobile devices is a pre-requisite to a successful BYOD strategy, there are several other facets that need to be accounted for.
At the centre of BYOD and flexible working strategies is the cloud, which provides a powerful core for storing and processing information.
However, it has also made the process of creating a secure BYOD set-up far more complicated than simply protecting the data stored on mobile devices.
There is an understandable feeling among many companies that implement a cloud service that security is primarily the responsibility of the provider rather than the end user.
While to an extent this holds a certain degree of truth, using the service responsibly is always down to the company, and more specifically, the employee.
Educating workers about how best to use these services is therefore essential, with the key lesson being the idea that security can never be taken for granted.
A recent survey by Softchoice entitled entitled “(Still) Careless Users in the Cloud”, found that a quarter of business users were storing passwords in documents that were not under the protection of a password, making them accessible to cyber criminals.
Such mistakes are not being made through a lack of attention, but rather through ignorance of the risks. Many employees in these situations simply do not know they are doing anything wrong.
As technology blogger Richard Robinson explains, the evidence of malicious activity is often not known until it's too late.
In a post for Security Intelligence, he said: "No warning sign comes up; employees only see the cloud as another resource that comes up on their monitor — not the massive risk it actually is. The time to discover the need for basic cloud security education is not when a breach occurs and company data spills all over the Internet."
Education is therefore key to successful security. Companies need to anticipate the likely behaviour of their employers and offer comprehensive guidelines on how to spot any potential risks.