The Same Study Showed Fifty-Nine Percent of Businesses Have Sacrificed Security for Employees’ Flexibility [1]
Going Mobile Has Increased Our Exposure
It used to be our precious assets were protected behind layers of security: Cash was in a steel safe, customer lists and bank records were in a locked filing cabinet and HR records were behind a locked HR office door.
Of course electronics revolutionized the workplace. Employees then used computers to navigate a digital file system that contained the business’ confidential info. The sensitive documents that were once tangible were now within the network for users to access. The data was protected by passwords and limited permissions. These were useful means when computing devices were stationary and did not leave the physical office. Employees reported to the office for work, and only there and then were they granted access to confidential information. It was rare for the data that companies prized to ever leave the premises.
And of course this is no longer true. Because of their convenience, mobile computing devices are part of most working environments. Employees are no longer forced to work on a computer tethered to their office desk. And just as laptops, tablets and phones have given employees freedom, mobile devices have changed the corresponding security landscape, too.
Records Have Left the Building
It’s easy for your organization’s sensitive information to find its way onto your employee’s device. And once there, the data wanders with the device. So where are your organization’s most valuable assets? On a train? At an airport terminal? In the Bahamas? Will a hotel worker snag your employee’s tablet? Or will your employee accidentally drop his cell phone in a dark movie theater?
Sometimes the result of any of these situations is that a criminal ends up with a device that contains your sensitive and confidential information. Electronic devices are second only to cash as objects of theft. Many data breaches start with a stolen mobile device.
The reality is that we will not be able to completely prevent the loss and theft of mobile devices, so here are some tactics to thwart those who illegally try to access your data on lost or stolen devices:
Back Up Mobile Devices
Data loss can result from a number of different kinds of incidents like theft, tampering, system failures or accidental deletions. Make sure all files and data are backed up regularly and securely according to an organizational backup policy.
Educate Your Employees
Do your employees know your policies to keep your organization secure? Employee training needs to be regularly reinforced to keep people’s memories and behaviors sharp.
Lock It or Log Out When Not in Use
An unlocked device is an invitation for trouble. Employees need to be trained to make it a habit to lock a device when it’s not being used.
Use MFA (Multi-Factor Authentication)
MFA uses at least two forms to prove a user’s identity (a form is something like a password, a unique code via an app, a physical card or a fingerprint) and so enforces strict control over who logs into systems and applications. Its use guards against unauthorized access to confidential data should an individual credential be compromised.
Device encryption transparently encrypts data on laptops and other mobile devices, so a criminal who ends up holding a device will not be able to access the information stored on it.
Sure, you will have to replace a stolen device, but encryption lets you rest assured your company’s valuable data – the greater asset by far – is unreadable and unusable by an unauthorized person.
Draft a Mobile-Use Policy
Have you been clear about your business’ expectations about how mobile technology should and shouldn’t be used? Can people bring their own devices? If so, how are people informed of acceptable use to safeguard your business’ data on their devices? If they are using devices you’ve provided, is it clear to people not to use the devices for shopping, gaming or social-networking? These activities can create points of exposure to business data on the machine and could introduce malware to the devices.
Have you articulated what constitutes a security incident, instructed people how to report an incident and given clear steps to follow if an incident occurs? Creating a Mobile-Use Policy document that describes these rules is always a good idea and often a requirement for achieving certain kinds of regulatory compliance.
Bryley Can Help You Improve the State of Your Mobile Security
Post-lockdowns, you may feel you need to get clarity about the state of your organization’s handling of mobile devices. If you would like help progressing with any of these mobile security concepts, Bryley has counselled on data protection planning and implementations since 1987. Please call 978.562.6077 or email ITExperts@Bryley.com.
[1] Verizon 2021 Mobile Security Study
Lawrence writes about networking and security. He’s written for Bryley since 2015.