Your employees are the biggest risk to your business

27 October 2016

6 min read

The rise of Bring Your Own Device means the biggest threat to business could be staff devices. What do the experts think?

Your employees are the biggest risk to your business (Desktop)

Find out about HP EliteBook x360

Bring Your Own Device (BYOD) is a double edged sword. Some see it as a chance to save on tech – why buy laptops and phones when your staff prefer to use their own? But an increasing number are worried about the security risks that come with adopting a BYOD and would prefer to offer CYOD (Choose your own device).

But of course this doesn’t come without it’s own unique set of security concerns.

AtThis is why safety comes first at HP, safety comes first. The military-grade tested HP Elite range is military-grade tested and offers security technology that is second to none. For example, the HP EliteBook x360 was recently announced as the world’s thinnest and most secure business convertible.1 Equipped with the latest 7th Gen Intel® Core™ processors, it also packs a punch.. Intel Inside®. Powerful Productivity Outside.

Consumer devices are often preferred by a growing millennial audience because of the perception that business devices are lacking and harder to use: “…business devices [are struggling] to catch up with technologies designed for consumers… Usability is a big factor around the consumerisation of IT,” Forrester analyst Dr. Thomas Mendel, “But style and fashion are also becoming decision factors [for business users].”

“Business devices are struggling to catch up with technologies designed
for consumers”Dr. Thomas Mendel, Forrester

The HP EliteBook x360 a high spec hybrid laptop comes with 360° of versatility across five modes, and up to 16 hours and 30 minutes of battery life2 bringing the best of business and consumer technology into one device. It’s the business device that’s not only caught up with consumer devices, but has surpassed them.

Mendel has also warned that devices such as iPhone and services like Skype have quickly established user bases. After all, consumer devices aren’t just pieces of hardware – they’re intrinsically linked to services, both business and consumer (i.e. iTunes and Skype for Business). CIOs should view the services model when reviewing how consumer technology fits into business, particularly with how that translates to security and the ability to scale with business demands.

By 2018, 40% of large enterprises will have formal plans in place to deal with aggressive cybersecurity attacksGartner

74% of organisations are already allowing or planning to allow a BYOD policy, so the impact of consumer devices on security can’t be ignored. Gartner says that by 2018, 40% of large enterprises will have formal plans in place to deal with aggressive cybersecurity attacks. The increasing number of large-scale attacks over recent years means CIOs in particular are required to make these contingency plans a priority.

“Gartner defines aggressive business disruption attacks as targeted attacks that reach deeply into internal digital business operations with the express purpose of widespread business damage,” said Paul Proctor, VP and analyst at Gartner. ”Servers may be taken down completely, data may be wiped and digital intellectual property may be released on the Internet by attackers. Victim organizations could be hounded by media inquiries for response and status, and government reaction and statements may increase the visibility and chaos of the attack… These attacks may expose embarrassing internal data via social media channels — and could have a longer media cycle than a breach of credit card or personal data.”

While the impact both public perception of a company, customer relationships and data integrity can be huge, it doesn’t end there. Depending on the scale of the attack, employees may not be able to get back to normal in the workplace for many months.

“Entirely avoiding a compromise in a large complex enterprise is just not possible”Paul Proctor, Gartner

It’s for this reason that most are switching their focus from blocking and detecting attacks, to detecting and responding to attacks.

“Entirely avoiding a compromise in a large complex enterprise is just not possible, so a new emphasis toward detect and respond approaches has been building for several years, as attack patterns and overwhelming evidence support that a compromise will occur,” said Proctor. “Preventive controls, such as firewalls, antivirus and vulnerability management, should not be the only focus of a mature security program. Balancing investment in detection and response capabilities acknowledges this new reality.”

The Internet of Things (IoT) is getting bigger and better with every new product that gets released. Because of this, it’s not only attracting larger budgets but also attracting more attention from CIOs and cyber criminals alike. Technology like this is easily adopted due to the ease of use and convenience that it brings to users’ lives. Unfortunately, consumer devices often don’t have the same levels of security – either on board or manually configured. When combined with lack of users’ security knowledge, it can make for a dangerous combination.

The future of device security

Gartner predicts that the standard to which security programs are held will intensify, with more attention being paid to risk and business change. It’s also thought that Executive boards will provide more support and guidance, since the onslaught of hacking scandals that have rocked a large number of businesses, from Sony Entertainment to Ashley Madison and T-Mobile.

“Security is not a technical problem, handled by technical people, buried somewhere in the IT department”Paul Proctor, Gartner

As disruptive as these attacks have been, they have been something of a wakeup call for businesses all over the world, and key to building the business case for proactive thinking about cybersecurity risk and investment into more robust systems.

“CISOs and chief risk officers (CROs) can and should persuade executives to shift their thinking from traditional approaches toward risk, security and business continuity management. Security is not a technical problem, handled by technical people, buried somewhere in the IT department,” said Proctor. “Organizations need to start solving tomorrow's problems now.”

Dr. Mendel commented that moving forward to rely more heavily on standardised technology is one of the ways to combine security with consumer style ease of adoption. Mendel suggests that an increasing number of businesses will benefit from this cheaper and more reliable way of doing this than regular purchasing models.

The EliteBook x360 is not only sexy but it is seriously secure. HP Sure Start resets the BIOS if it detects a threat. Multi-factor Authentification (MFA) uses facial, iris and fingerprint login to enure that only you get in. HP Sure View privacy screen obscures the display from the sides, preventing onlookers from seeing what you are working on.

Find out more here.

Intel, the Intel Logo, Intel Inside, Intel Core, and Core Inside are trademarks of Intel Corporation in the U.S. and/or other countries.

1. Most secure based on HP’s unique and comprehensive security capabilities at no additional cost among vendors with >1M annual sales as of December 1, 2016 on HP Elite PCs with Intel 7th Gen Intel® Core™ processors, Intel® integrated graphics, and Intel® WLAN. Thinnest Based on competitors with >1m units annually of convertible, non-detachables having a Windows Pro OS and 6th or 7th generation U series Intel® Core™ vPro™ processors.

2. Windows 10 MM14 battery life will vary depending on various factors including product model, configuration, loaded applications, features, use, wireless functionality, and power management settings. The maximum capacity of the battery will naturally decrease with time and usage. See www.bapco.com for additional details.