Using employee-owned devices, or a “Bring Your Own Device” (BYOD) system, has more appeal with every passing year for modern companies. In a BYOD scenario, employees work on a mobile device of their own choosing. It is much easier for individual consumers to keep up with yearly changes in technology. Very often, employee devices are more advanced than the devices a company might issue; BYOD also increases the business mobility of individual employees in an increasingly mobile world. These policies can result in cost savings, increased employee satisfaction, and productivity gains.
However, the nature of doing business with mobile and employee-owned devices can make the companies that do so particularly vulnerable to security breaches. Without an understanding of the nature of the problems and their solutions, going mobile can involve making compromises in terms of security. Wireless technology does not need to be any less secure than other ways of dealing with data, but certain steps must be taken, and attention must be given, in order to maintain security when doing business via mobile devices.
This article offers a set of recommendations on how to reduce security risks in business mobility. According to Lenovo, there are three categories of issues that must be addressed: end-user error, protecting the devices themselves, and protecting systems and data.
The risks caused by the end user
End-user error is responsible for a considerable amount of mobile business vulnerability. Research from the Ponemon Institute indicates that some twenty-five percent of such breaches are the result of user and consumer error. According to data from McAfee, half of all smartphone users do not use any kind of password protection. Mobile devices are fifteen times more likely than laptops to be lost or stolen. Extra protections are necessary, but basic steps can go a long way. Training and frequent updates are central to preventing such a high rate of user error.
- Engage users in protecting their own devices. Symantec advises end users of mobile devices to take a series of steps on their own to secure corporate as well as personal data. This includes regulating other apps on the network – even those not used to store sensitive data. A vulnerable app can lead to a vulnerable device or even network. Symantec also advises users to update very frequently, and to be more selective about allowing permissions to apps on the device.
- Create a database of employees and contractors and maintain it rigorously in order to reduce security risks related to end users. It should be kept fully up to date. Active Directory is a popular tool for this; however, to be properly effective, Active Directory must be maintained with frequent updates. Active Directory is a service developed by Microsoft for Windows domain networks to authenticate and automatically authorize the correct security privileges for a user. Furthermore, communication between IT and HR, including real-time communication, is necessary to maintain a proper database for security privileges. Real-time communication allows instant updates in the event of a change in employee or contractor status. Frequent attention and updates are key to many security strategies.
- Beware of consumer-grade tools. Another user-related risk involves corporate users using consumer-grade file-sharing tools such as Dropbox. These tools are often ill-equipped to protect sensitive corporate data. Providing corporate-grade tools with IT management and visibility throughout the company will give users the choice to use more secure tools and will reduce security risks. Having data stored in a cloud and then accessed is much safer than actual file sharing. If a company fails to supply the right tools for sharing data, users will choose their own, less secure, consumer-grade tools.
- Train and train, but don’t stop there. Training users in device safety and enforcing the above practices are still not enough. End users must be reminded that their own personal information is protected by the same security policies and in some cases, the same systems. The interests of protecting corporate information are aligned with protecting personal information. Emphasizing this point to employees and contractors will prevent much end-user security risk.
Requirements for devices
Configurations of mobile devices will vary widely, but in order to benefit from business mobility, it is reasonable to have requirements that need to be met before permitting devices to plug into the network. Encryption and stringent authentication are examples of standards that you can and should require, whether you are providing the device or permitting users to plug in their own devices.
- Data encryption should be a requirement in any Bring-Your-Own-Device (BYOD) situation, even though most mobile users do not tend to encrypt their own mobile data. It should be an absolute company requirement for doing business on personal mobile devices. Encryption of the data itself guarantees that information is protected even when moved between different devices and media. Vendors offer a variety of ways to automatically encrypt data for different operating systems. Two top encryption applications for Android are Encrypt It and Droid Crypt. iOS comes with built-in encryption.
- Stringent authentication is another must-have. Since mobile devices are stolen or lost with relative ease, two-factor authentication should be implemented on any device used for business information. A password alone provides relatively weak protection, but two-factor authentication, which involves adding fingerprint identification or a security token, increases protection greatly. Choosing devices which can accommodate these options will boost security.
- Password management applications are another key to mobile security. Instead of opening up to the risks entailed by end users writing passwords down or storing them on the device, password management software will keep track of these passwords while keeping them secure. End users must also allow some IT access to personal devices when they are used to store company data. If a device is lost or stolen, this allows IT to immediately delete any corporate data on the device. PC Magazine lists some of the best password manager choices for 2018, including Dashlane, LastPass, and PasswordBox.
- IT support for end users is another essential tool. In order to reasonably require additional applications to manage encryption and other security implementations, you will need to provide users with a quick way to solve problems, or they will be unable to comply with the requirements. According to Lenovo, a ratio of one full-time IT support employee for every five thousand devices employed is a good rule of thumb. The variety of devices and operating systems found in modern mobile business adds to the need for available tech support.
- Choose your devices carefully. In some ways, the higher the variety of vendors, the more difficult it is to put effective mobile security in place. Using one vendor with a broad range of devices available can be helpful to this end. It will be easier to set standards for security if you have an enforced list of acceptable devices.
Protecting systems and data
Some corporate data is simply too sensitive or high-risk to be stored on personal mobile devices securely. A company data cloud, or virtualization, can solve this problem. Allowing access rather than the actual storage for many employees can greatly reduce the inherent risks of mobile storage.
- Maintain information on your user pool and adjust permissions quickly and reactively. The database of employees and contractors is your primary tool to accomplish this. A degree of maintenance and sophistication can be achieved by integrating the database with permissions systems to enhance security. Most security operates by simply granting permissions on request. Updating access regularly according to changed employee status can be helpful, as can improving the sophistication of your access policies. For instance, you can improve security significantly by increasing selectivity based on factors such as the job title.
- Use Mobile Device Management (MDM) software. In response to these new challenges of mobile data management, many vendors have made Mobile Device Management software available. This allows IT to make sure the device is authenticated and has not been compromised, which increases protection immensely. MDM is quickly becoming standard for companies storing data on employee-owned devices. Mobile Device Management attempts to secure as much data as possible while incurring as little cost as possible. This software can protect all devices operating on a given network, with the ability to send updates, record activity, remotely lock or wipe a device, and more. Popular choices include Microsoft’s Exchange ActiveSync (simple, fairly inexpensive, and usable on a wide variety of devices), or the more powerful BlackBerry Enterprise Server for RIM devices. Servers with a combination of different devices have a number of choices, including AirWatch, BoxTone, and Good Technology, depending on the mobile provider.
- Back up as rigorously as you would back up your desktop devices and network drives. Lastly, backup and restore processes are vital to mobile security. The program you choose should be easy and efficient to use and manage. Mobile Backup and Restore, by Trend Micro, is a popular choice for Android, with a focus on ease of use. Seagate Backup is another choice for a variety of devices that emphasizes a large capacity and reasonable pricing.
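The employee and contractor database described under end-user risks, and the status-based and job-title-based permissions described above, can be checked against each other automatically. The following is an added example, not code from the original article: every user, group and the title-to-group map is constructed, and the directory is modelled as plain Python data rather than a live Active Directory query.

```python
from datetime import date

TODAY = date(2024, 3, 10)  # constructed "current" date for the sample run

# Constructed HR roster (source of truth): status, job title, contract end date.
HR_ROSTER = {
    "e100": {"status": "active", "title": "Accountant", "end_date": None},
    "e101": {"status": "terminated", "title": "Engineer", "end_date": date(2024, 3, 1)},
    "c200": {"status": "active", "title": "Contractor", "end_date": date(2024, 2, 15)},
}

# Constructed directory export: one record per account with its group memberships.
DIRECTORY = [
    {"user": "e100", "enabled": True, "groups": {"finance-share", "source-code"}},
    {"user": "e101", "enabled": True, "groups": {"source-code"}},
    {"user": "c200", "enabled": True, "groups": {"guest-wifi"}},
    {"user": "x999", "enabled": True, "groups": {"finance-share"}},
    {"user": "e050", "enabled": False, "groups": set()},
]

# Hypothetical policy: the groups each job title is entitled to.
ENTITLEMENTS = {
    "Accountant": {"finance-share"},
    "Engineer": {"source-code"},
    "Contractor": {"guest-wifi"},
}

def reconcile(roster, directory, entitlements, today):
    """Return (user, action, detail) for every enabled account that disagrees with HR."""
    findings = []
    for acct in directory:
        if not acct["enabled"]:
            continue  # already disabled, nothing to revoke
        person = roster.get(acct["user"])
        if person is None:
            findings.append((acct["user"], "disable", "no HR record"))
            continue
        ended = person["end_date"] is not None and person["end_date"] <= today
        if person["status"] != "active" or ended:
            findings.append((acct["user"], "disable", "employment or contract ended"))
            continue
        # Least privilege: anything beyond the title's entitlement is excess access.
        excess = acct["groups"] - entitlements.get(person["title"], set())
        if excess:
            findings.append((acct["user"], "remove-groups", ",".join(sorted(excess))))
    return findings

if __name__ == "__main__":
    for finding in reconcile(HR_ROSTER, DIRECTORY, ENTITLEMENTS, TODAY):
        print(*finding, sep="\t")
```

Running a check like this on every HR status change, rather than on a fixed schedule, is what the real-time communication between IT and HR makes possible.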
In some ways, going mobile with a business does open vulnerabilities. Without proper steps, and a general awareness of such vulnerabilities, business mobility does seem much less secure than using company-owned desktops. However, it is important to remember that technology practices are still adapting to the widespread use of mobile devices, as is society as a whole. Through training and the implementation of appropriate policies, applications, and technologies, mobile business does not need to be any less secure than more traditional data management.
The post How to Reduce Security Risks in Business Mobility? appeared first on UPLARN – Tips for Business, Lifestyle, Technology, Marketing.