Mobility has been a great enabler for businesses of all sizes so it’s not surprising that company after company is attempting to bring added flexibility to their business. The benefits in terms of productivity and employee morale are plentiful, but in order to embrace mobility safely, security protocols must be implemented first.
Many industry analysts have claimed that mobility and security are mutually exclusive principles and that, as organisations embrace the former, they move away from the latter. However, this is largely an oversimplification, particularly considering the amount of mobile security tools that are now available. In many cases, mobile security incidents are simply the result of a lack of awareness.
The rise of Bring Your Own Device (BYOD) policies, for example, has given employees greater flexibility, improved morale and resulted in lower costs for IT departments, but more businesses should implement a transparent security strategy before transitioning to BYOD or its many variants. Similarly, businesses that embrace smartphone use at work are able to be more productive whilst on the move, giving their clients greater value. Mobility provides so many advantages that it’s not something to be scared of, but rather embraced responsibly.
Fortunately, the knowledge required to prevent security breaches from occurring is out there, if businesses are willing to seek it out. The first step on the road to mobile security is a change of culture. For many employees, there is a feeling that security across mobile devices is less critical than protecting desktop PCs. It is also sometimes assumed that securing mobile devices such as smartphones and tablets is the responsibility of the company, not the individual. When this is the case, security will remain a weakness no matter how much bespoke security software is used.
Instead, businesses must have a clear and transparent approach to mobile devices that is shared with all members of staff. They must decide whether BYOD, CYOD (choose your own device) or COPE (company owned, personally enabled) is the right approach and explain what this means to employees. Members of staff must be made aware of who owns mobile devices and more importantly, who owns the data contained within them. Companies may also want to limit the choice of smartphones available to employees in order to gain a greater level of control.
Aside from changes to corporate policy, there are a number of software-based solutions that can help limit mobile security issues. Anti-virus packages, like Norton 360 can block malware and suspicious websites to keep your mobile devices safe whether you’re using the company Wi-Fi or a 4G Internet connection. A number of mobile network providers are also beginning to help their business customers overcome security challenges. EE’s collection of Business Apps comes with a set of security-focused tools that have been selected for businesses looking to adopt mobile working practices. Alongside Norton, this security suite includes MozyPro, which provides automated backup for your important files, and Legal Manager, which ensures that your company’s security protocols comply with existing data regulations.
As well as the aforementioned software, mobile device management (MDM) is required to help businesses control applications and network connections that often blur the boundaries between work and personal data. MDM software is, therefore, increasingly being adopted in order to meet security needs without compromising on flexibility.
MobileIron is one such app that effectively balances flexibility and security, providing a platform for businesses to manage apps, networks and employee data use. Through a variety of features, it enables organisations to encrypt sensitive data and decide which members of staff have access to certain information. Businesses can use the software to push updates, track applications and implement a company-wide security standard. Crucially, MobileIron and other MDM platforms are customisable to suit your company’s needs, so mobility is not limited even as security is heightened. As an addition to a 4GEE Business Plan, MobileIron can be seamlessly scaled up to suit your needs, starting with five mobile devices and adding one licence at a time.
It is also important for businesses to recognise that mobile security isn’t really about smartphones or tablets at all, but rather the data they hold. With that in mind, companies are advised to not only focus on device security, but also on using secure applications. Cloud-based solutions, for example, enable businesses to access company data from a multitude of devices, so installing anti-malware tools on your smartphone is largely redundant if employees are accessing the same data from an unsecured company tablet.
Instead, firms must consistently assess their mobile apps and services, analysing what company data they have access to and how secure they are. Just as with desktop PCs, the mobile malware landscape is evolving constantly, so businesses should regularly carry out security checks on existing applications as well as performing risk assessments for any new downloads.
However, no set of security protocols is completely fail-safe, so businesses should have a contingency plan in place for when mobile security is breached. For example, there is no way of completely eradicating smartphone theft, but there are ways of mitigating the damage caused to your business. In 2013, 3.1 million smartphones were stolen, but this is far less concerning than the fact that eight out of 10 finders of lost devices attempted to access the corporate information stored on them.Through software like MobileIron and other security solutions, businesses can retain control of their data even if devices are lost or stolen.
Ultimately, a company-wide approach to mobile security is the only method likely to prove successful. As well as ensuring devices and applications are secure, employees right up to the C-level must adopt a security conscious mind-set.
This culture change, in combination with the correct deployment of security software, will lead to businesses embracing the benefits of mobile devices, without looking over their shoulders for the next cyber threat.