From blue-collar to new-collar
When we picture the typical technology worker, many of us naturally think of an office worker who spends most of their day chained to a desk, sitting in a home office or getting WiFi at a Starbucks. But that view of the tech worker is increasingly too limited. These days, with the introduction of so many connected devices and apps (as well as a myriad of IoT sensors) in the workforce, the traditional blue-collar occupations such as delivery drivers, construction workers and police officers are shifting into a new, hybrid category that we could call ‘new-collar.’ And because these roles come with their own specific workflows, they usually require unique devices with different apps and security needs than the average tech worker.
Delivery drivers today use tablets, scanners and smartphones with dedicated applications to provide real-time location, inventory and route data that help plan the most efficient delivery route. Service and repair technicians use devices to take notes, order supplies and access inventory and product information. Warehouse workers use scanners and other devices to prioritize orders and optimize picking routes, improve accuracy and shorten shipping times.
Device Security For All
Although these ‘new-collar’ workers usually carry fewer BYOD devices than their white-collar counterparts, any mobile device accessing WiFi or cellular networks outside the confines of an organization’s protected perimeter is still exposed to security risks such as phishing attacks, untrustworthy network connections and insecure or malicious applications. The best approach to securing mobile data is to take a multi-layered approach that includes educating employees; protecting the devices they carry, and securing the networks those devices use. Here are five things to consider:
- Training. It’s absolutely critical that every employee is trained to recognize potential threats from malicious emails, phishing attempts and more. Many attacks look completely innocuous, like an email that’s disguised as a notification, an invoice or receipt. These often contain an attachment with malicious script that downloads malware. Symantec’s 2019 Internet Security Threat Report (gated) found that “managing mobile device security continues to present a challenge for organizations. During 2018, one in 36 devices used in organizations was classed as high risk.” Since ‘new-collar’ workers tend to have less technology experience in general, they need extra training to ensure they’re equipped to identify attempts by bad actors.
- Device management tools. Enterprise Mobility Management (EMM), Mobile Device Management (MDM) and Unified Endpoint Management (UEM) tools offered by vendors such as MobileIron and MaaS360 are able to locate, lock and wipe devices remotely if they are lost or stolen. Most of these tools also provide mobile application management, mobile content management, sandboxing (or App Wrapping) and containerization that creates separate and encrypted zones for corporate apps and data held on the devices. These tools are particularly useful for new-collar workers because they secure data saved on the device and operate ‘invisibly’ to the worker without impacting or complicating workflow.
- Mobile Threat Defense (MTD). Sometimes referred to as Mobile Threat Management (MTM) or Mobile Threat Prevention (MTP) tools, MTD tools employ a combination of vulnerability management and anomaly detection with behavioral profiling, code emulation, intrusion prevention, host firewalling and transport security technologies in order to help defend mobile devices and applications from advanced threats.
- Mobile VPN. The EMM and MTD tools above do a very good job of securing data on individual devices, but they do nothing from a network perspective. This is where a dedicated mobile VPN can provide an extra layer of encryption and a secure network tunnel to control how these devices are communicating over any WiFi or cellular network. Mobile VPNs give IT teams visibility into what is happening on external networks, and enables an always-on, secure connection for business-critical applications while helping workers in the field avoid time-outs and re-authentication issues.
- Password policies. It’s amazing how often employees re-use passwords across their personal and work-related applications. This obviously poses an enormous risk to data security and increasingly exposes corporations to added liability. Requiring regular changes to passwords, mandating unique passwords and even additional steps such as multi-factor authentication or biometrics can lower the risk of brute force and other attacks.
Mobile Devices That Just Work
Employees who work in the field typically have to meet strict metrics and deadlines, so saddling them with complicated processes or devices that don’t offer a positive user experience can quickly cause frustration and reduce productivity. An employee working outside in the cold and rain doesn’t want to remove gloves multiple times during a shift to reauthenticate login details on a tablet. Likewise, requiring redundant data input on mobile devices does not utilize employee time effectively. This applies to security policies as well. If the policy adds too much extra time or is too burdensome, employees won’t follow it. Since many field workers are just now transitioning from paper-based workflows to connected devices, they tend to have a much lower tolerance for delays caused by technology. It goes without saying that if a security policy isn’t being followed, then it’s not doing its job!
When choosing hardware and apps for field workers, it’s important to take the user experience into account. Mobile devices need to work seamlessly, be reliable and secure, otherwise user frustration will mount, causing the potential spread of workarounds or Shadow IT. For ‘new-collar’ employees, seamless integration of devices, apps and security is even more critical to job performance than their white-collar counterparts, whose roles are less driven by daily metrics.
Maintaining the security and usability of mobile devices in any work environment is always going to be like playing an endless game of whack-a-mole. But by prioritizing things like user training and dealing with device vulnerabilities quickly, safeguarding organizational security becomes that much less onerous. Like most things in life, an ounce of prevention is definitely worth (more than) a pound of cure.