Every year there’s always a push for new technology, whether it be cloud, analytics or mobile etc. In 2015 we will see all 3 of these take presentence but Mobility is not only already used or needed in almost all work places, its expected.
Gartner just published their prediction that by 2018 more than 50% of all folks will use their mobile computing devices in the workplace before, or instead of, using a desktop or laptop.
Many industries have already adopted mobile devices:
And the list goes on.
Most of these companies even allow employees to use their personally owned devices to connect into their networks instead of requiring them to have a separate device for work (because really who wants to carry 2 phones and 2 laptops/tablets around??)
With all these personally owned devices accessing company networks – IT Managers are questioning themselves and their networks, are they really secure enough to allow this amount of access from all these different devices? That have all these unknown and unique applications installed on them??
Well, are you?
- 20% of employees openly admit that they have uploaded proprietary corporate data to a SaaS app like Dropbox or Google Docs, with the specific intent of sharing it outside of the company.
- 66% of users were able to access those very same cloud storage applications after leaving their last job.
- 70% of employees use their personally owned mobile devices for work activities. Even if they were given a business device.
We are literally putting more responsibility for the security of our business assets into the hands of our employees. And most of those employees do not have the training to know how to effectively safeguard their devices and the data used with and stored upon them. They do not receive periodic reminders to keep them aware, and are not provided with tools to use with their mobile devices to establish some strong security controls.
So , what do you do?
Your employees are already accessing your company systems and data from their mobile computing devices; it is not a future problem, its already happening whether you are allowing it or not. All businesses must act now to improve data security for the increased mobility of their workforce. These actions include (but are not limited to):
- Executive support. Obtain the strong and visible support of your executive leaders for your information security and privacy efforts. Don’t know how? Point them to the Sony and Staples incidents, or any of the dozens of others that have occurred this year, and explain how these could have happened within your own organizations.
- Choose the appropriate Mobile Management Solution: Ensure that either your current security application is up to date and is able to secure exactly what you are looking for or research and deploy a new one. Finding a new solution to meet all your needs can be cumbersome but looking into solutions such as IBM Endpoint Manager and MaaS360 which are tried and true, can enlighten you on how easy and complete your solution really be not only to deploy but also to manage.
- Assign responsibility. A position, team or department should be assigned responsibility for maintaining oversight for all business and personally owned computing devices. This includes ensuring appropriate security tools are provided and consistently used.
- Document policies and procedures. You cannot effectively manage mobile computing devices, including those owned by the company as well as those owned by employees, if you do not have documented policies and supporting procedures. Documented policies provide a document for all to reference whenever they have questions about what is acceptable, or not, with regard to using mobile computing devices, including the types of computing devices that are approved to be used for business activities.
- Maintain an inventory. You can’t protect the devices, and certainly not the information they store and access, if you don’t know where or what they are! The position or area responsible for mobile computing needs to maintain a documented inventory of the individuals using them, the types of devices used, the types of business activities for which they are used, and the types of information they access.
- Provide education. This is critical! You must provide effective training so that all employees using mobile computing devices, know how to safeguard not only the physical device, but also the technical controls to protect the data used with said device. Also, ongoing support and communication is necessary for users to stay up to date on changes, tips and incidents that have occurred that they can learn from.
So whether you have a solution in place today or not, take a moment to reevaluate it and make sure its completely covering all your requirements. And if you need a little bit of help doing so, please feel free to reach out to us and we would be happy to perform a Security Assessment for you to help avoid any unwanted future surprises.
Questions? Contact us!