mobiles
Mobile Communications

Mark Tickle (Europe) - Securing a Growing Mobile Workforce

Enabling a mobile workforce has become business critical for many organisations, due in the most part to the flexibility and efficiency benefits that mobile use in the workplace can bring to the business and its employees. The problem is that as the numbers of mobile workers and the types of devices they are using to access corporate data increases, so do the risks.

With 47 % of the UK workforce now mobility enabled and shipments of mobile devices having overtaken PCs, the risks of business data being captured and threats penetrating the business network are increasing. In parallel, the types of security threats (and the criminals behind them) are becoming more sophisticated than ever before, using multiple attack vectors to achieve the desired result.

This plethora of new threats is putting strain on many organisations' security systems. Whether it is employees sharing devices used for work (such as laptops) with family and friends, people hacking the network from outside the organisation, or the theft of mobile devices, organisations are rightly becoming more aware of, and increasingly concerned about, the security issues surrounding mobile working. However, many don't have the necessary security systems and protocols in place and are unsure what must be done to stay secure and ensure confidential information is protected.

The first and most important step is for organisations to take back control. In the days of fixed network IT, risk managers had a clearer view of the information that was coming into and leaving the organisation. In a mobile world, the key to regaining that control is developing and enforcing effective policy, something that applies to organisations of all sizes.

Ideally, organisations will impose an appropriate usage policy for all communication channels. However, the pace of development in information communication technology is increasing substantially and policies are becomingoutdated. It is becoming necessary to update those policies on a frequent basis. It is only a decade since blogs came into being, for example, and we have already seen countless examples of employees posting inappropriate content that brings their employers' reputations into question. The advent of social networking sites has now created the need for yet another layer of policy within an organisation.

Organisations also need to consider that a ‘blanket' set of company-wide policies is no longer sufficient, in an era where mobile devices are ‘always on and always connected'. As organisations grow in size, it is important to differentiate the way that rules are implemented based on individual and group responsibilities. To be truly effective, rules must be granular and easily combined, to give IT managers the flexibility to refine them based on new activities as they arise.

Information security in an increasingly mobile world is a complex beast - and one that simply cannot be ignored. Organisations, regardless of size, are being forced to view the plethora of increasingly sophisticated threats as a serious business risk. Senior managers that treat it as purely an IT issue are in danger of breaching their ethical duty to the company, by placing it at risk of financial compromise. For publicly listed companies, that could impact shareholders and place them at additional risk, but even for private companies, the dangers are clear. By adopting a well-planned, well-executed and well-integrated mobile security strategy, organisations can mitigate the risks and ensure that employees, the company and its assets are protected.

 Seven steps to secure work devices

To stay one step ahead of the criminals, there are a number of strategies that businesses can put in place to enable a secure mobile workforce, with the seven steps to mobile device security being:

 

  • 1. Segment your workforce applying policies as appropriate
  • 2. Utilise a web-based console for all security operations
  • 3. Enforce appropriate usage policies and keep them updated
  • 4. Leverage remote control functionality to troubleshoot issues faster
  • 5. Enable employees to help themselves and lower support costs
  • 6. Enforce a strong password policy and encourage regular changes
  • 7. Limit the amount of data stored on mobile devices

 

Mark Tickle is the  Managing Director (for Europe the Middle East and Africa) at Webroot. Mark has been central to accelerating the adoption of SaaS Security in a number of industry sectors.

 

PREVIOUS ARTICLE

« Ken Scott (Europe) - How European Organisations can Leverage Best Practices

NEXT ARTICLE

Abhay Bhargav (India) - PCI Compliance - an Indian Perspective »

Poll

Do you think your smartphone is making you a workaholic?