Original Post by RYAN O’REILLY
Mobile security is a major concern for businesses building a mobile communications strategy, in fact in the 2015 Arkadin UC Survey 40.7% of respondents rated data security as a ‘critical priority’ – here are 3 factors they must address.
Remote working and mobile working is a key part of the modern workplace with 81.5% of companies surveyed in the 2015 ‘Arkadin UC Survey – UC: Where are you on the journey?’ stating that such a system boosts productivity; however, allowing data to pass outside the corporate firewall creates significant risks.
As you deploy a mobile communications strategy, there are a number of factors to consider…
Device and data theft
By far the biggest risk to any mobile IT strategy comes from the devices used to access corporate resources. Some estimates suggest that as much as 65% of personal smartphones and tablets have company data stored on them. More worryingly still, more than half of those devices do not even have a PIN screen lock enabled. If one of these devices is stolen, the thief has access to both the data stored on the device and access to the corporate network too. Similarly employees leaving the company may be taking sensitive data and intellectual property stored on their phones.
Potential solutions that will help mitigate these problems include:
- Using Mobile Device Management tools to provision, secure and remotely wipe handsets, tablets and laptops when required.
- Creating a security policy that requires employees to secure all network-attached devices with passwords.
- Enabling on-device data encryption, such as Windows BitLocker drive encryption, to prevent data recovery if a device is stolen.
- Sandboxing apps to prevent on-device data being accessed by other, unauthorised apps.
Malware and Hacking
Malware, hacking and viruses have been a regular part of IT network management for many years. However now a mobile communications strategy is in place, the IT manager must also contend with smartphones and tablets.
Mobile malware is on the increase, although currently most of it (97%) is targeted at Android. Mobile hacking and viruses remain relatively rare, but by accounting for the possibility of infection in your mobile IT strategy now, you will be prepared for when they do become more common. Factors to consider include:
- Training employees to only install apps from trusted app stores.
- To choose a mobile platform that is less susceptible to malware (iOS and Windows Phone).
- Install mobile anti-malware software where appropriate.
- Ensure that virus definitions for all remote devices is updated regularly.
Cisco research suggest that 51% of users regularly connect to unsecured networks using their smartphones for instance, providing ample opportunity for hackers to launch man-in-the-middle attacks, or to simply capture sensitive data in transit.
Preventing this kind of attack requires your mobile communications strategy to contain a blend of technology and education:
- Train staff to never access sensitive corporate data over unsecured networks.
- Install a suitable VPN/encryption app on each device to ensure that any data captured cannot be recovered.
A secure and workable mobile IT strategy must include provisions for:
- Any introduction of a mobile IT strategy must combine technology with education across all levels of the company in-order to ensure widespread adoption of any security policy.
- Employee training around best practice use of mobile devices is essential for mitigating the risks surrounding data security
- A well thought out mobile strategy that considers expected benefits, is approved by the C-suite and is championed by management during implementation