Ask a cybersecurity expert or hacker to name the weakest link in any security plan and they will inevitably answer “the people.” Just like everything else, security can’t account for the unpredictability of the human factor. In an enterprise setting, employees will circumvent protocols for the sake of convenience, offer bits of information to strangers because they asked nicely, and generally make a mess of any well-laid enterprise-wide cybersecurity plan.

According to the Cybersecurity Trends 2017 Spotlight Report (PDF), 54% of cybersecurity professionals surveyed anticipate a successful cyberattack on their organization in the next 12 months. Some 40% of those professionals also view the lack of employee awareness as a major obstacle to stronger cybersecurity.

With increases in mobility and the adoption of a BYOD culture in the enterprise, 69% of the surveyed cybersecurity professionals are increasingly concerned about data leakage. Another 64% believe their organizations will have to deal with the download of unsafe applications and the introduction of malware stemming from portable storage devices and the like in the next year.

SEE: 10 tips for reducing insider security threats (TechRepublic)

While workforce mobility and the culture of BYOD certainly produce tremendous benefits for modern enterprises, the technology presents a challenging risk for cybersecurity professionals. The only viable approach to overcoming, or at least mitigating, the human factor is to educate employees and establish a comprehensive policy to govern how personal devices, especially portable storage devices, will be introduced to an enterprise network.

TechRepublic’s premium sister site, Tech Pro Research, offers a ready-made Portable Storage Device Policy to help you regulate and secure usage of portable storage devices to help reduce the risks.

Also read…

Your thoughts

What steps have you taken to combat the potential vulnerabilities created by BYOD programs and portable storage devices? Share your tips and opinions with fellow TechRepublic members.