Imagine your most recent team meeting. Someone led the agenda, trying desperately to hold the room’s attention. Some team members looked fully engaged, but you noticed others covertly browsing the Internet or replying to emails when they weren’t being asked a direct question.
Now imagine the same scene, but the people in the room with you are actually just 3D representations of themselves. The entire team is actually spread out across the city or even the world, but able to virtually gather in one space.
Someday in the not-too-distant future this will be a reality. The era of the mobile workforce has dawned, bringing with it exciting new technologies and new opportunities for more flexible, more convenient, and some say, more productive work environments.
However, the IT teams tasked with securing your businesses most critical data know that the virtual reality glasses of the future are not necessarily rose-coloured. Mobility has proved to bring with it equal parts opportunity and risk of data loss, primarily because in order to be productive in the modern workplace, employees need to be able to collaborate and access documents and information wherever they are.
According to the Dell Evolving Workforce Report, half of employees globally use personal devices for work or expect to do so in the future. But while 54 per cent of companies globally allow employees to bring their own devices (BYOD), only 27 per cent are securing those personal devices.
This raises an interesting conundrum for CIOs and IT Departments. All of us – whether we are full time workers or contractors – are starting to work differently. The line between work and home has blurred, and this means all workers need greater access to sensitive business documents outside of the traditional workplace. In this environment, even something as small as a lost USB stick, can have a catastrophic impact on a business.
So with all of these risks facing employees every day, is it possible for businesses to embrace these trends and empower employee mobility without compromising their security or overwhelm their IT budget?
Common Mobile Device Security Risks
Forty per cent of small or mid-sized business owners estimate that, if they were to lose all of their corporate data due to a compromised system, they would have to shut down the company permanently. This makes workforce mobility a particularly risky proposition for a few reasons:
- Mobile devices are prone to theft and loss.
Which is easier to lose - a USB drive or a desktop computer? When an employee loses a device on which company files and passwords are stored, it can mean major security issues if the device ends up in the wrong hands. Add to this the incidence of laptop, smartphone, and tablet theft, and mobile security can become quite a challenge.
- Employees working from remote locations might log in to unsecure networks.
Without proper training, employees might not know that logging into their favourite coffee shop’s free WiFi connection makes it easy for hackers in the area to access company files and potentially steal information. And sadly, there’s reason to believe the majority of employees are improperly trained - the Dell Global Technology Adoption Index found that only 39 per cent of companies say their workforce is fully aware of security rules.
- Remote offices are not always secured as thoroughly as the headquarters.
If a team member decides to work from home one day, the IT team might not consider that situation a security risk. But let’s say the team member’s daughter unknowingly comes home from school with a virus on her laptop and connects to the family’s WiFi. Now the worker’s laptop is exposed to the same virus, potentially wreaking havoc on the company’s network and files. As a whole, remote offices without IT onsite are prone to having less security in place, leaving vulnerabilities exposed that can affect the entire company.
New Threats Emerge
In recent months, employers have had to combat a growing number of attacks directed specifically at their employees. Just last year, hackers used “spear phishing” attacks to compromise a remote server of JP Morgan Chase, posing as employees over email in order to gain access or information from real employees. And in February 2015, a successful watering hole attack used Forbes.com to pass along malware that compromised U.S. defense and financial services firms.
Not only are hackers leveraging employees in their attacks, they’re increasingly exploiting mobile devices in more sophisticated ways. The 2015 Dell Security Annual Threat Report revealed that in 2014, the company began to see the creation of Android malware that acted like desktop malware. Researchers also expect exploit kits to arise for mobile devices in 2015. And unfortunately, many of the Android devices being used by employees are running older versions of the operating system, which makes them even more vulnerable to attacks.
Protecting Data Without Hampering Productivity
The biggest challenge in this new workplace paradigm is balancing security with productivity needs. It’s easy to implement rigid security restrictions, but if they slow the process of connecting and using mobile devices too significantly, mobility loses its benefits.
That’s why it’s important for IT teams to protect the data itself, using three levels of secure data protection:
- Encryption - Today’s encryption techniques protect data wherever it is being stored, be that on mobile or desktop devices, portable media storage such as USBs, or even on a public cloud. Moreover, non-disruptive encryption makes it possible for employees to access and share data without having to go through excessive security checkpoints or slow-loading information.
- Advanced Authentication - It’s vital to ensure that your users are who they say they are and that employees only have access to the information they really need. There are many forms of authentication, including hardware-based, credential-based, centralised remote management, and secure single sign on, all of which work together to make mobile security more robust and seamless.
- Malware Prevention - The final approach is to recognise and stop malware before it takes hold of your system. Today’s malware prevention systems can use “containment” methods to run the most commonly targeted applications in a virtualized environment, which prevents malware from attacking the host operating system. In addition, they can automatically identify malware attacks based on behaviours inside the contained environment, rather than relying on malware signatures, effectively stopping even zero-day attacks when they occur.
The mobile workforce is going to continue to grow as long as technology and workplace culture enables it, and before long, a new crop of security issues will arise to challenge busy IT teams. However, while the future of mobility is still on the horizon, the future of security is here now. Balancing security and productivity is no longer an impossible task.
Image credit: Shutterstock/wk1003mike