{"id":2100,"date":"2013-06-18T10:00:29","date_gmt":"2013-06-18T14:00:29","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=2100"},"modified":"2020-02-26T10:40:18","modified_gmt":"2020-02-26T15:40:18","slug":"inside-out-vs-outside-in","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/inside-out-vs-outside-in\/2100\/","title":{"rendered":"Inside Out vs. Outside In"},"content":{"rendered":"<p>When we think of information security, we tend to think of external hackers and cyber-criminals fighting their way inside an organisation\u2019s network to steal its information. Clearswift commissioned some <a href=\"http:\/\/www.clearswift.com\/sites\/default\/files\/images\/blog\/enemy-within.pdf\" target=\"_blank\" rel=\"noopener nofollow\">research<\/a> that takes a holistic view of information security incidents and found that 83% of organisations surveyed said they had experienced a security breach in the last 12 months. However, contrary to where the security spend is focused, 58% of all incidents originated from inside the organization rather than from shadowy, malevolent outsiders \u2013 the culprits being employees, ex-employees and trusted partners: people like you and me.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2013\/06\/06050528\/byod_title.jpg\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-2101\" alt=\"byod_title\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2013\/06\/06050528\/byod_title.jpg\" width=\"640\" height=\"420\"><\/a><\/p>\n<p>The research uncovered the fact that 72% of organisations are struggling to keep up with changes in the security landscape and the policies required to support the changes in the way people communicate and the way business is conducted today. One of the major changes in both business practice and business risk has been the rise of Bring Your Own Device (BYOD).<\/p>\n<div class=\"pullquote\">The top three BYOD threats are: <br>\u2013 employee use of USB or storage devices; <br>\u2013 Inadvertent human error; <br>\u2013 employees sending work-related emails via personal email devices.<\/div>\n<p>However it\u2019s not fair to lump the blame for these types of security risk solely on employees if they are being encouraged (or at least not discouraged from) adopting BYOD. Roughly one third (31%) of organizations are proactively managing BYOD, while 11% reject it outright. Those who reject the use of BYOD are more likely to encounter internal security threats (37% vs. 18% for those who proactively manage it). In the survey, 53% said that employees would use BYOD on the corporate network whether it was sanctioned or not. The onus is on the company to manage their use rather than behave like an ostrich and pretend it won\u2019t happen.<\/p>\n<p>So, what next? Organizations need to acknowledge that the threats from within are at least as important as those from outside and should plan their security spend accordingly. When it comes to BYOD, a comprehensive set of policies must be put in place as quickly as possible. There should be an education or awareness programme for both users and employers alike around the risks BYOD can have and how these risks can be mitigated, so that employees\u2019 personal devices can be used securely.<\/p>\n<p>If your company still doesn\u2019t publish BYOD rules, you as an employee can stick to our recommendations:<\/p>\n<ol>\n<li>Don\u2019t put your company (or yourself) at risk by using your personal devices, even USB sticks, to process corporate data without prior consultation with a system administrator or an information security officer.<\/li>\n<li>If you need to use a USB stick, then use one which has encryption on it \u2013 and preferably one that your company endorses. There are lots to choose from out there and they are not that much more expensive than unencrypted options. For the sake of \u00a320 you could save your company its reputation.<\/li>\n<li>The same goes for private e-mail accounts. If you have a pressing need to use private e-mail (e.g. your corporate mail is down), set up a dedicated account with maximum security applied (Gmail with <a href=\"https:\/\/threatpost.com\/google-enables-gmail-two-factor-security-150-countries-072811\/\" target=\"_blank\" rel=\"noopener nofollow\">two-factor authentication<\/a> switched on could be a great starting point).<\/li>\n<li>Send any documents strictly in encrypted form. There are plenty of ways to do that \u2013 starting from password-protecting MS Office documents or ZIP files with a <a href=\"https:\/\/www.kaspersky.com\/blog\/21st-century-passwords\/\" target=\"_blank\" rel=\"noopener nofollow\">strong password<\/a>. Of course you must not send encrypted passwords in the same e-mail- call the recipient by phone to tell them the password.<\/li>\n<li>Don\u2019t set up your working e-mail account on your private device without prior consultation with a system administrator. There are <a href=\"https:\/\/www.kaspersky.com\/products\/business\/security-applications\/mobile-device-management\" target=\"_blank\" rel=\"noopener nofollow\">specially protected clients<\/a> to do that in a safe way.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>When we think of information security, we tend to think of external hackers and cyber-criminals fighting their way inside an organisation\u2019s network to steal its information. Clearswift commissioned some research<\/p>\n","protected":false},"author":202,"featured_media":2102,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[9],"tags":[415,416,264],"class_list":{"0":"post-2100","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tips","8":"tag-byod","9":"tag-data-threat","10":"tag-device-security"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/inside-out-vs-outside-in\/2100\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/inside-out-vs-outside-in\/2100\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/inside-out-vs-outside-in\/2100\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/inside-out-vs-outside-in\/2100\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/inside-out-vs-outside-in\/2100\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/inside-out-vs-outside-in\/1002\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/inside-out-vs-outside-in\/2100\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/inside-out-vs-outside-in\/2100\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/byod\/","name":"BYOD"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2100","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/202"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=2100"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2100\/revisions"}],"predecessor-version":[{"id":32807,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2100\/revisions\/32807"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/2102"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=2100"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=2100"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=2100"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}