Everything is becoming more mobile. And with it, the number of exposed vulnerabilities that could bring your business security to its knees is increasing faster than ever. But it’s easy to underestimate the true extent of this challenge and just how ubiquitous it is among businesses.
Absolute Software recently conducted its second annual report into the changing face of data security, analysing the circumstances of over 13,000 thefts worldwide. The results were startling. At the top level, the amount of data remotely wiped from stolen devices has risen by over 700%, while the quantity of devices physically recovered is up by 132%.
So how do you improve your security without creating an unmanageable burden for your employees?
The first, most obvious concern is working remotely and working from home – in fact, within our research, the airport remains the leading location for device theft. It goes without saying that the further and more frequently you let a device travel outside the workplace, the greater the risk of it going amiss and requiring wiping or retrieval. But that’s not to say that you should impose limitations on how widely devices are allowed to be used.
One of the biggest misconceptions about managing the influx of mobile devices in the workplace is that you can increase security simply by laying down strict guidelines. Employees will break the rules every time, either through naivety, ignorance or ingenuity.
Whether through emailing a file to a personal account to work on out of the office or setting up a cloud storage account to access data on multiple devices. The opportunities for digital data breaches are broader than ever. Either way, the result is the same: you’re not as secure as you thought you were.
So when it comes to working from home, and remote locations, it’s better to find ways to enable your employees to use their devices in the ways described above.
You can mandate and even push certain apps directly to devices for these kinds of tasks, safe in the knowledge that you’re in control of how they’re used. You can even offer the benefits of being able to find someone’s personal phone if it does go missing and get it back to them. With the right software, these opportunities are well within reach, allowing you to lead the innovation charge instead of struggling to keep up with it.
However, equally as important as enabling your team to work how they choose, is the priority of making it easy for them. Where you require user maintenance or time spent helping you setup the programme, keep it simple. If you rely on long complicated guides or high maintenance intrusive policies, you may be expecting too much of already busy staff. That, in turn, could lead to flaws in execution that leave you less secure than you had thought. To put it simply: they just won’t do it.
An area that’s just starting to receive more attention in regard to security is applications. It’s important to remember that it’s never “just an app”. Your team need to realise that installing an app or activating a new feature can open dangerous and vulnerable new pathways for these potential threats.
Take common file sharing and cloud storage tools, which may allow the transfer of files beyond the channels that you’re consciously managing. In many ways, these increasingly common plug-and-play technologies are the modern day equivalent of a USB stick dilemma, just expressed in more complex personas.
Another important consideration is the wide variety of devices and operating systems that are consuming the business of IT. From iOS to Android to Windows Phone and Blackberry, there may be clear majority market leaders but it still only takes one device in the minority to undermine your entire mobile security strategy. Make sure you have a system that lets you manage the full range, today and into the future, without duplication of effort.
Perhaps fittingly for a topic so entwined with mobility, the most important concepts to remember are momentum and flexibility. If you want this strategy to work, the trick is to create an environment where everyone understands the need to work together on security, and why they have to do so. A rigid policy that doesn’t take into account changing user needs and technology will become redundant very quickly. All it takes is one security failure to have a massive data breach on your hands.