Securing information in a mobile world
For many businesses, their workforce is becoming increasingly mobile and they are enjoying the benefits that come with a mobile strategy, with 84% of companies reviewed in 2017 reporting an increase in productivity due to the use of mobile applications and devices, such as smartphones, tablets, laptops and wearables. Providing the ability to take a walk when motivation drops or their kids to the playground when the sun is out, keeping people on hand to respond and flexibility to complete work on time when it’s more suitable later in the day.
Whilst this flexibility can yield great returns for staff engagement, retention and overall business and employee health, it’s also highlighted the need for securing company information across these devices. Whether information is stored on the device itself or within a private or public cloud, securing information is the most important factor in any mobile strategy.
An effective mobile strategy takes into account your business goals, ideas and objectives, as well as your intended competitive advantage, such as employee engagement or at customer site versatility.’ Once the scope of your strategy has been defined, a Mobile Device Management (MDM) system will enable your business to set out the parameters for the use of company-owned and BYOD (Bring Your Own Device) portable devices by employees. An MDM policy aims to protect your business from data loss or breach by controlling and monitoring the access of information on mobile devices by staff.
Some of the advantages of an MDM system when integrated effectively into a business mobile strategy:
The ability to identify and track access to information used across the organisation, within the office or remotely.
Handling requests from new devices and authorising access to information from those devices that meet company policies.
Enforcing secure access to the company network at all times, even via unsecured public WiFi.
Personal devices can be configured by staff themselves, with security systems that allow business information and applications to be separated from their personal content and apps on the device.
Automate deploying of new software and apps, while keeping all devices updated and consistent, such as anti-virus, VPN policies and desktop application versions.
Remotely automate reprovisioning and reassign devices for a new member of staff, without the need for the IT department to touch the device.
Allow staff to securely handle sensitive information themselves and enable remote locking and if necessary, remotely wipe data should the device be lost or stolen. Providing staff self-managed security of their own personal devices, while enabling the business to police sensitive information.
There are certain industries that are legally bound to protect certain sensitive and/or confidential information, such as the health and finance sectors, however, with the start of GDPR in May all businesses are accountable for the information they hold on individuals; enter identity access management (IAM), it’s not good practice to allow all employees access to all company information at all times. Employees really only need access to the information necessary to conduct their work, while still providing the flexible processes and systems to authorise and revoke access to information as needed, providing better overall data security and minimising the potential impact of a data breach.
With the multitude of devices available to users today, IT departments no longer focus on protecting the devices themselves, instead shifting towards protecting the data being used and stored on roaming devices. With a verity of solutions available such as multi-factor authentication, encryption and automated ageing out of temporarily cached data. Whilst an MDM strategy provides the tools to set passwords and build encryption into all mobile devices, there is still a need for well-defined rules to ensure the strategy remains effective and staff understand and know why these policies are in place and the benefits they also bring to them.
Ultimately, information security is everyone’s responsibility.
Privacy of personal data has been a major concern for individuals in recent years and is growing stronger with the introduction of wearables and IoT devices. As people are beginning to understand how to protect themselves personally, they are also becoming more interested and relate to business security strategies and follow security best practices.
The workforce is still considered to be the weakest link when it comes to IT security. Access to clear information and guidelines, as well as education and training to raise information security awareness, is essential. Without this, any attempt to improve mobile strategy will expose the business and limit the benefits for the company and staff. It’s not just a case of sitting everyone down in a conference room and telling them what they should and shouldn’t be doing. Staff need to know why they should care, why they need to break old habits and adopt new practices. With higher levels of data and security management understanding, employees will be better able to ensure that they play their part in keeping company information secure.