Mobile computing is now an integral part of business and that’s not going to change. The ability to access email and business documents anywhere at any time is giving businesses a sharper competitive edge. At the same time, supporting a mobile workforce gives rise to added security risks. Handheld devices are not inherently secure, and enabling remote access to business intellectual property could put that IP at risk, especially if it’s retrieved over an unsecure wireless network. Companies have to weigh the benefits against the risks of provisioning a mobile workforce.
There is no question that mobilizing the workforce is a growing trend because it increases productivity. IDC predicts that the U.S. mobile workforce will exceed 105 million by 2020, up from 96.2 million in 2015, which represents 72.3 percent of the U.S. workforce. Citrix points to the mobile enterprise as the new way of work, and that organizations need to both empower and manage the mobile workforce to optimize security, agility, and productivity. According to Citrix research:
- 61% employees spend at least some time working outside the office.
- The average employee uses three or more mobile devices daily for work-related activities.
- The number of devices managed as part of the enterprises grew 72 percent from 2014 to 2015.
To manage mobile data security, IT managers need to monitor and manage mobile devices, which is increasingly difficult in a climate driven by bring-your-own-device (BYOD). More employees are insisting that they use their own handheld devices for work, which means IT has to find new, more secure ways to secure those devices, even though they don’t control them.
Many IT departments are blacklisting apps that place sensitive data at risk. Citrix reports that the top blacklisted apps are Dropbox and Mail, since both have the potential to store sensitive files for access outside the company network. In addition, hackers are becoming more sophisticated and are targeting mobile browsers. According to 2015 research by PWC, 15 percent of organizations suffered a security breach that originated on a smartphone or tablet.
While maintaining a secure mobile workforce may seem impossible, there are steps you can take to ensure that your mobile enterprise is secure.
Help Mobile Employees Secure Mobile Data
First, you have to assume that documents are going to be accessed using unsecured mobile devices. No matter how good your security protocols, there is no way to ensure that a mobile handset is absolutely secure. However, there are best practices that should be in place:
- Be sure to use strong password protection and data encryption.
- If you are providing access to confidential data via a proprietary application, be sure that the system doesn’t store login information. If you can’t add a security layer to the app process, then you will have to double up on document protection.
- Educate employees about the potential dangers of mobile data access and make sure they use appropriate precautions.
As part of security protocols and procedures, be sure that employees’ smartphones or tablets are protected with a PIN or access code. Do not allow apps to save passwords or use automatic logins. It’s common for banking, shopping, and mobile payment apps to store sensitive information that is valuable to cybercriminals so it’s best to have to login each time to prevent unauthorized access. Many applications, such as Facebook, Twitter, Gmail, and LinkedIn, have two-factor authentication available, such as user name, password, and a one-time PIN. This provides added account protection. Also ensure that the mobile device locks automatically when it remains idle; it may be a nuisance to users but it makes the system secure.
More malware is being embedded in mobile apps so be sure users apply the appropriate precautions. Only download apps from an authorized app store. Also be sure that all apps are kept up to date and download updates as soon as they are available; they often contain security patches.
Protecting the Mobile Enterprise
In addition to educating employees, IT managers can take direct steps to secure the mobile enterprise. Mobile Device Management (MDM) allows you to control what data can be accessed from a handheld device. It also enables remote updates and provides remote control over mobile devices, such as the ability to wipe a smartphone or tablet that is stolen. MDM software also can support remote data backup so you can recover the data if a device is lost or stolen.
Using outside services to support mobile workforce support and security is also an option. Many organizations hire remote security and support service to facilitate system security, including mobile data access. Since mobile data access is delivered via the cloud, a remote monitoring service can watch cloud data traffic, looking for anomalies or indicators that a mobile device has been hacked or stolen.
Security consultants can monitor enterprise systems remotely as well. If a hacker finds a way to break into the network using a handheld device, remote monitoring can detect unauthorized data access or suspicious activity, often shutting out intruders before they can do any real harm.
Supporting a mobile workforce is a challenge, but the productivity benefits of mobile computing far outweigh the security risks, especially if you understand the risks and how to minimize them with the help of an experienced security service partner.