Enterprise leaders have been quick to mimic trends in the consumer world, chasing mobility, flexibility, and personalization. But this chase comes with financial and risk repercussions – increased cyber-security threats, as well as increased physical security exposure. Enterprise leaders and the growing population of chief information security officers must act now to ensure their cybersecurity policy stretches to physical devices, such as laptops and desktops.

Enterprise leaders must balance boosting productivity with growing information security threats

It’s logical for employers to embrace solutions and practices that increase productivity and boost employee wellbeing, but they often fail to appreciate the security implications of their decisions. The paradox is that organizations are also investing more than ever in cybersecurity to secure themselves against external security threats such as hacking.

But, one of the biggest threats is from an organization’s own staff and internal human error. IBM established in 2014 that 95% of security incidents involve human error. Simply put, when an employee walks out of your office with their laptop, tablet, or smartphone, they are physically walking out the front door with company files, information, and equipment.

International hacking makes the front page, but it’s the admin assistant leaving a USB memory stick or a laptop on the bus that causes the most damage

The average risk from an employee is small compared to a high-profile data breach. But what about when an employee leaves his laptop on the train or has his work device stolen—both relatively common occurrences. Let’s take a look at some high-profile examples. In 1990 the Royal Air Force lost a laptop containing plans for the first Gulf War when it was stolen from a car in west London. The laptop contained information about how the military planned to remove Saddam Hussein’s forces from Kuwait. In a more recent example, in June 2008, government documents detailing the UK’s policies toward fighting global terrorist funding, drug trafficking, and money laundering were left on a Waterloo-bound train.

Now, you can bet that given the high-profile of these organizations, an external hack would have been a no-go for anyone other than the most talented hackers—but human error and complacency effectively handed over privileged data to any third party that passed the devices.

This is the root of the problem: human error plays a significant risk in security incidents, and anything as simple as removing devices from company property adds another layer of risk. Even limiting this factor, human error can still take place within the confines of an office space. Personal device security has become lax in recent years with staff failing to follow even the most basic procedures, such as locking their device when leaving their work station. Leaving a remote-control application running on a PC with a weak password can provide an easy-to-breach back door.

Decentralized and shared office spaces, such as WeWork, are prime examples of how changing working practices open enterprises and individuals to risk. In these environments, it’s simply not possible to know if the individual sitting next to you is a competitor, hacker, or future best friend. Even with this uncertainty, professionals are unlikely to be practicing basic security hygiene.

Education, education, education—each employee must be a bastion of defense

There are multiple ways in which an organization can secure itself against the possible threats posed by flexible and decentralized working practices. The first line of defence is education; like anything, people need to have the basic dangers explained. They need to know that locking their device protects much more than the risk of a colleague sending out a joke email from their account when they leave their desk. Enterprise and security leaders must recognize that money spent on training is as worthy an investment as spending big on digital cybersecurity technologies.

The Bottom Line: Don’t lose hope. Increased pressure for secure working environments is driving augmented services solutions from the leading services providers. However, enterprise leaders must invest wisely.

There are also technological solutions that tackle the basics to add an extra layer of security. Most of the major IT services providers are pushing enterprise mobility management (EMM) products and services. Or, they are driving digital workplace solutions that keep privileged corporate data secure in the office or on the beach—balancing security with flexibility and productivity. An IBM EMM solution, for example, enables organizations to secure their files and information from theft through multiple features such as through the ability to lock, block, and wipe internet of things (IoT) devices over-the-air (OTA) in minutes. An organization may still incur the loss of the device in question, but this will most likely be negligible to the information that could have been at risk.

Other examples include EMM capabilities built into ITSM solutions to manage device lifecycles and protect corporate data. Even Microsoft has developed a suite of technologies to help balance increased flexibility with information security. To an extent, giant vendors of digital workplace solutions and productivity suites dominate the market, but as the market for secure mobile technology grows, we can expect some innovative start-ups to move into the space with fresh solutions to help secure physical devices in a world increasingly obsessed with cybersecurity.

Simply put, in a world where data flows continuously across consumer and B2B environments – increasingly the most valuable resource an enterprise owns—enterprise leaders must ensure they don’t spend all their time budgeting for an international hack when an employee leaving a device on the train poses more risk.