These evolutions, particularly with regards to mobile devices, are great for your business as they enable your employees to be more productive, from more places, than ever before. However, with common access to sensitive centralised systems and the growth of big data, the importance of security for these rapidly evolving systems cannot be overstated. Threats to IT infrastructure develop just as quickly as the infrastructure itself, and the further a system is stretched the more holes are exposed.

According to the Australian Department of Defence’s Cyber Security Operations Centre, “once a vulnerability in an operating system or application is made public, you can expect malware to be developed by adversaries within 48 hours”.

Roll the dice, pay the price

Comprehensive IT security, like airbags in your car, is something you simply must have. But as with all insurances and protective measures, it’s only when they’re deployed that their true value is realised. A data breach could cost your company anything from the loss of a client to the loss of a major project or contract, possibly leading to crippling legal action.

According to the Ponemon Institute’s 2014 Cost of Data Breach Study: Global Analysis, the average per capita cost of a data breach for Australian companies is US$135. It doesn’t take much advanced calculation to conclude that even fewer than 10,000 compromised records already represents a cost of more than a million dollars. In fact, the report states the average cost of a data breach across Australian businesses was more than US$2.5 million in 2013.

What's the risk to my business?

All industries are at risk, although the impact of breaches does differ. The report found that industries like healthcare, education, finance and pharmaceutical had a per capita data breach cost that was substantially above the overall average of $145. However, the truth is that any company that holds data, their own or a customer’s, runs the risk of it being compromised, but there are many factors that can exacerbate that level of exposure.

The human factor

The battle for IT security is being fought on many fronts and sometimes there are losses to friendly fire. Flexible and remote work practices have led to a multitude of portable devices running different operating systems all needing secure access to networks and databases from inside organisations and for third parties. While this obviously means the technical side of security has to adapt to new environments, an important factor that is often overlooked is employee education and compliance.

It doesn’t matter how secure your virtual private network (VPN) access is if your employees are downloading confidential data and leaving it on unsecured devices outside of your protected network. Your system can have every security measure imaginable and still be breached if a key person’s idea of a complex password is typing their birthday backwards.

Ponemon’s report revealed that malicious attacks are still the leading cause of data breaches globally, accounting for 42 per cent, with human error not that far behind at 30 per cent.

Culture breeds compliance

Nothing will take the place of a robust security infrastructure and a carefully controlled network environment, and naturally we look to our network security experts to handle the details and remain up to speed.

However, considering the expense of maintaining security at that highly technical level, investment in your staff is a seriously cost-efficient way to reduce the risk of security disasters. A little training can go a long way and a strong culture around security can encourage common sense when it comes to system integrity. Password management software can also enable employees to have complex passwords without having to write them all on a post-it note that they keep in their laptop bag.

Stay up to date

Finally, having the latest technology with consistent and current operating environments is key to maintaining system integrity. Ensuring your employee’s portable devices are equipped with security and manageability features such as Trusted Platform Module (TPM), in-built Basic Input/Output System (BIOS) security and Intel® vPro™ lowers the risk of a breach when they’re outside your secure environment, and allows system patches to be managed remotely at fleet level.

Data encryption is non-negotiable and devices with biometric safeguards, such as fingerprint readers, can take security up another notch. Advanced technology such as the new ThinkEngine from Lenovo will log access to your system, software and even your laptop’s casing, so digital and physical security breaches won’t go unreported.

Every day brings a higher baseline

It’s clear that the bar for employee and device compliance to security measures is getting higher and that these links can weaken even the strongest security infrastructure. Maintaining an up-to-date PC fleet and training your staff are two cost-effective ways to give your security team a fighting chance, freeing them from policing the basics so they can focus on the major threats.