Because of mobile devices, cloud services, mobile apps and mobile WiFi hotspots, employees can get around the most stringent IT security policies.
Many companies have a mixture of personal and corporate-owned devices.
Companies also have a mixture of IT policies that apply to each.
Some businesses also have some kind of enterprise mobility management (EMM) tool to enforce those policies and monitor devices, data and apps.
Some businesses have bring-your-own-device or security policies that outline usage rules for employees who use their personal devices for work.
Despite IT policies and restrictions, employees want to use personal devices for work because it allows them to be more productive.
Agreeing to IT-enforced policies usually gives employees the ability to access company email, use remote desktop tools or virtualization to access their files and use company-approved apps.
Breaches can occur when employees store company information in third-party cloud services or when they use a blacklisted app or other device that does not meet the company guidelines.
Employees who violate policies usually do so to be more productive. e.g., many companies require workers to “remote-in” to access files from a mobile device. An employee may find it easier to store those files in a personal Dropbox account and then access them from anywhere, even though that action may violate a corporate IT security policy.
The Threat is REAL!