Best practices to secure the mobile enterprise
Mobile devices have infiltrated nearly every aspect of people's lives. The amount of personal and corporate data stored on these devices makes securing the information on the tool a priority.
A survey conducted in January 2012 by Dimensional Research explored the impact of mobile devices on information security in corporate environments, noting that 94 percent of companies have seen an increased number of personal mobile devices, such as smartphones or tablets, connecting to corporate networks. Increased employee productivity and mobility are the main benefits for organizations that allow these devices in the workplace, but those benefits come with their own set of risks.
The threats associated with mobile devices can come in many forms, including:
- Mobile operating system – Every OS, including Android, iOS, BlackBerry and Windows, comes with its own set of security challenges. Threats can originate from mobile apps, the mobile browser, as well as insecure Bluetooth and Wi-Fi hotspot usage.
- Employees – The lack of security awareness among employees is often the leading factor impacting the security of mobile data. Many employees simply aren't aware of the mobile security risks and corporate policies associated with mobile devices, such as storing corporate data, customer information or access to business applications.
- Personal mobile devices – The consumerization of IT brings another layer of complexity as more employees want to leverage their personal mobile device for business purposes. While companies begin to accept the “BYOD” (bring your own device) trend, there are significant concerns about the privacy of sensitive data stored on the devices that IT must handle.
The first step businesses should consider when safeguarding against these security challenges is to develop and enforce best practices and corporate policies for the mobile enterprise. This should include a list of approved devices that can access corporate data, the types of data that can be stored on mobile devices and taken out of a corporate environment, which types of mobile apps can be downloaded onto devices, procedure for theft or loss of a device, a routine for updating operating systems patches, requiring mobile passwords, as well as having the capability to wipe a lost or stolen device.
Mobile device usage in the workplace is a trend that has staying power because it un-tethers employees from their offices, allowing them to work more efficiently while on the go. As with any emerging trend, organizations will need to be careful about striking the right balance between mobility that empowers employees and the new security concerns that arise from it.