Tuesday, July 2, 2013

Bring your own Device or Bring your own Danger: What Internet Security Risks Does Your Manufacturing Company Have?

I have to be honest, I grabbed the title above from a recent IT seminar I attended. The seminar posed this question; Should your employees be allowed to bring their own personal devices to your facility and/or use them remotely?

Most people are pretty enamored with their phones, iPads and computers. The problem is that unfortunately, and especially in the case of phones and iPads and other tablet devices, the users of these have no way of knowing if their equipment has been compromised.

Jeez. I'll bet you are thinking that you finally got your employees to install anti-virus software on their computers. You also drilled into them the need to not click on every neato-nifty link that gets sent to them via email or pops up when they are surfing the net.

Kinda like the game Whack-a Mole. You pound out one internet security threat and another pops up. The only difference is that this type of threat can literally put you out of business. Really? Yes, Yes and YES!

Bad guys/hackers access your computer systems through the use of poor security on devices and implant programs that transmit information back to outside agents. No company of any size is immune and while larger companies surely offer richer targets, no company is too small for some hackers.

You may not think you have anything anybody would want. Think again. You have confidential information on your employees, bank account numbers for the company and maybe for your employees as well (for direct deposit payroll). You also may have customer information that you may be contractually required to secure. If you’ve ever been audited by a federal agency (IRS or FAA) it can be painful, especially if you’ve released private information such as Social Security numbers and bank account numbers.

What to do? Three things, right away (like, today!).

  1. Require that ALL and I mean all devices be scrutinized by IT professionals before allowing them to be used on your system
  2. Top rate security provisions should be set up within your system to detect data leaving the system
  3. Implement a security policy that makes all users of personal devices aware that by using them on the company system allows the company access to the device at any time to see if it has been compromised. This access will also apply to any data that has been downloaded by the user to see if they have the appropriate authority to have that data on their devices.

Sounds draconian but you won’t think so if you get compromised. You may love your PC, tablet or phone but it must be used within the confines of security for the network it is accessing.

David Senkfor is a manufacturing consultant based in Arizona. Contact him for advice on your manufacturing consulting needs. 

No comments:

Post a Comment