The Security Blind Spot: Mobile Devices
While mobility can lead to increased productivity and efficiency, there are also risks associated with it.
Articles published July 10, 2017 by Ben Killion
How often do you use mobile devices (such as phones and tablets) for work purposes like checking and responding to emails, forwarding attachments, or even accessing corporate data?
If you’re like me, your answer is probably quite often! With constant advancements in mobile technology and software, it seems this trend will only continue to increase.
As more organizations embrace the need for mobile technologies, the more employees are able to share and access sensitive data outside the corporate network. While mobility can lead to increased productivity and efficiency, there are also risks associated with it.
According to a recent Kaspersky Lab Report, the most vulnerable area for an organization is the inappropriate usage or sharing of data with mobile devices. Fifty-four percent of organizations said they are vulnerable and don’t understand how to fix this problem. The second most vulnerable area was the loss of mobile devices, which results in even more risk.
A more in-depth look at the report reveals that 37 percent of organizations reported a large increase in smartphones that have accessed company data and need additional security and management.
Even though organizations are often aware of this liability, they continue to struggle with solutions to minimize their risk. These statistics reflect the importance of having an effective strategy in place when it comes to managing mobile devices. Here are some ways you can start forming a solid strategy and limiting inappropriate usage of sensitive data.
Manage Your Mobile Devices Effectively
At a basic level, the goal of mobile device management is to protect the data on employee devices. This reduces the risk of a mobile device being compromised, and better protects your data, should the device be lost or stolen. Most mobile device management systems allow you to manage the users’ devices, establish a user policy, and wipe or reset the device in certain cases.
Today, more and more organizations are adopting a Bring Your Own Device (BYOD) mentality, where the employee uses their own tablets, smartphones, and laptops. While this has cost-saving potential, it also comes with its own set of challenges. One big issue surrounding BYOD—and personal technology as a whole—has to do with privacy and security. Whether it’s through apps, training, or just well-worded policies, you need to ensure that your employees aren’t sharing confidential information about your business or your customers. Likewise, you should have a plan in place that preserves employee privacy and doesn’t leave your company liable to charges that you’re using technology intrusively. You should also have a process around employee transitions that includes what happens to the employee’s mobile device when they leave your organization. Does the phone get wiped, and does the employee know what to do with it when they leave? This goes hand-in-hand with mobile device management, and can benefit your organization in the long run (especially if an issue does occur).
Another aspect to consider is mobile application management, which is similar to mobile device management. Mobile application management lets you manage and control specific apps on mobile devices. For example: you could delete or deny access to their email account, or an app they use for work, but leave the rest of the phone untouched. This method keeps your organization’s data secure, and it also lets your employees feel safe using their mobile devices.
Create a Data Policy
The Kaspersky Lab report also revealed that 80 percent of organizations say data protection is their top priority. One way to help ensure that your data is protected is through a data security policy.
A data security policy should be used to define approved methods to securely transfer or share data and define restricted methods to help stop the use of unsupported or unsafe services and applications. Policies should be very specific on what is acceptable and not acceptable for all employees. They should include information about email policies, mobile devices, social networking, and internet usage. These policies should be documented, communicated (multiple times), enforced, and periodically reviewed and updated.
Communicate, Communicate, and Communicate Some More
Managing your mobile devices and implementing a data policy are important steps to take to protect your data, but they are useless without your employees being on board. It is absolutely essential to communicate your policies and preferred method of data sharing with all of your employees on a regular basis. Your employees are smart, but if they don’t know how to go about sharing and accessing data the right way on their mobile devices, then there’s a good chance they could be creating unnecessary risk to your organization without even knowing it. These directives should be driven from the top down, and upper level management needs to be fully invested and leading the way. Take the time and clearly express the correct way to use their mobile devices for work to prevent your data from being out in the open for anyone to steal.
As mobile devices in the workplace increase, it’s important to be proactive and intentional with strategies to face mobility challenges.
How is your organizations addressing the IT challenges of a mobile workforce?
Why Use a Managed IT Service Provider?