The use of personal mobile devices in the workplace has skyrocketed, creating unprecedented threats to information security. Organisations that are geared up to meet these risks can reap tremendous gains in productivity and competitive advantage.
So says Lauren Wain, General Manager at Credence Security, who notes that staff members want to access work files from the same smartphones they use to update their social media, text their friends, and do their online banking. “The benefits are clear: Accessing company data information from smart devices enables workers to be more accurate, efficient and flexible.”
However, as undeniable as the benefits are, so are the risks. “Just think about how easy it is to lose a smartphone. These can be left in a cab, at an airport, in a restaurant. Once lost, the device is a total liability, containing a host of proprietary company information, work contacts, personal messages and customer data – all of which is now at risk of getting into the wrong hands.”
And losing a device isn’t the only danger, she says. “Mobile phones, tablets and wearables can also expose businesses to data loss as a result of malicious software such as viruses, worms and Trojans.”
Then there’s the threat of social engineering. “Most people totally overshare on social networking, and employees can easily divulge sensitive company information purely by accident, or should they fall prey to clever cyber criminals. Cloud applications are also a danger, as they blur the lines between control and ownership of data. The dangers are endless.”
However, organisations that proactively tackle these risks and implement effective security capabilities can reap all the benefits that mobility brings. “So how do they do this? A combination of governance, support processes, education and tools is the answer.”
The first thing a business needs to do is update the governance model to include mobile information-sharing rules and regulations, and clearly define the objectives for managing mobility risks. “Formulate a mobile device policy that sets out the rules, policies and procedures governing the use of mobile devices within the work environment. This needs to include personal devices that attach to the corporate network, as well as any company-issued devices,” she says.
Policies should cover areas such as device and infrastructure security, roles and responsibilities, security assessments, training, and what to do in the event of a lost or stolen device. This will create a helpful framework for applying all the solutions and best practices within the organisation, and needs to be integrated into the organisation’s overall security policy.
“Also, ensure that all devices that plug in to the company network have some good AV installed, as this will protect against the usual malware, spyware, viruses and the associated attacks. Certain products on the market feature anti-spam capabilities too, and firewalls to guard against any unwanted or suspicious connections by intercepting incoming and outgoing connections based on pre-set rules, and blocking or allowing them as necessary.”
Wain adds that it is also a good idea to set automatic updates to ensure all the bases are covered. “It is useless to have a good anti-malware solution if it is left to get outdated, and procedures can be set to make sure updates happen as they are made available.”
Moreover, any anti-malware solutions should have the capability of remotely disabling and wiping any devices that might get lost or be stolen. “This feature allows the technical team to either lock the devices to make sure there is no unauthorised access or wipe the contents remotely,” she explains.