Employees remain as biggest security risk

Hong Kong’s CIOs are stepping up their fight against the security risks posed by the widespread use of Bring Your Own Device (BYOD) practices, where employees use their own laptops, tablets and smartphones at work.

According to a report commissioned by specialist recruiter Robert Half, one in three (33%) CIOs say a lack of employee knowledge and skills around data security is the most significant security risk their organization will face in the next five years.

A growing risk now faces organizations in the form of potential internal security threats, which are made evident as 74% of CIOs allow their employees to access corporate data on their personal devices.

Adam Johnston, managing director Robert Half Hong Kong, said that BYOD practices demand that corporate networks and data are protected, that mobile device management strategies are put in place, and that security policies are developed.

To combat the ongoing threat posed by BYOD, nearly all (99%) CIOs are taking steps to protect their company from potential data breaches, and 57% have deployed mobile device management technologies to enforce enhanced protection on employee’s mobile devices while 56% require employees to sign an acceptable use policy.

More than half (51%) of CIOs are providing training to their staff on maintaining security with using their mobile devices and more than two in four (45%) are using authentication software.

There is an increased demand for IT security specialists with the niche skills needed to protect companies against data security risks, including risks related to BYOD.

However, 98% of Hong Kong CIOs find it challenging to source skilled technology professionals, with almost one in four (23%) saying professionals with mobile security skills are the most in demand.

“Protecting their company from the cyber-threats posed by employees and BYOD is a crucial issue for Hong Kong CIOs,” said Johnston.

“The solution is to treat IT security as a continuous enterprise-wide process while making all employees aware of the risks associated with email, social media and confidential information,” he added.