Mobile technology can increase productivity and employee morale; however, it can also create mobile IT security challenges for employers. Businesses must strike a balance between giving employees the tools they need to work from anywhere and safeguarding corporate data. The following three tactics will help companies do just that:
Aligning Mobile IT Security with Company Culture
Mobile technology can expose companies and individual workers to an astonishing array of threats, ranging from data breaches to identity theft. As organizations continue to lock down employee access and data behind firewalls (including intrusion-detection solutions and antimalware software) cybercriminals have increasingly turned to social engineering attacks. Malicious attempts to steal sensitive business information now employ covert techniques such as phishing for potential ransomware victims.
J.R. Reagan, global chief information security officer for Deloitte Touche Tohmatsu Ltd., believes that companies and cybersecurity professionals “ought to consider the lessons of the past and the practices that have worked in other realms, such as workplace safety” to create a corporate culture sensitive to, and cognizant of, cybersecurity. The more restrictive corporate security measures are, the more likely employees are to find ways to circumvent them. However, if a workforce perceives the policies to be reasonable, they’ll be more likely to work within the boundaries. That starts at the top. As Cisco’s John N. Stewart emphasizes, security must be a priority from the top—the CEO—down to be truly effective.
Promoting IT Security Awareness Among Employees
Employees are more likely to abide by mobile IT security policies if they understand the reason behind those policies and their role in maintaining IT security awareness. It’s not enough for employers to merely establish security protocols. Employees must receive training on topics such as the safe use of public Wi-Fi and removable media. Every stakeholder in the organization should have a clear understanding of the reason for establishing and following mobile IT security measures. Open communication and education are the primary components of gaining employee buy-in and securing the companies most valuable asset: its workforce.
Incorporating Strong IT Security Protocols
To enable productivity on the go, companies can embrace several effective security measures. Here are a few places to start:
- Multifactor authentication (MFA). MFA requires users to log on to a computer or app, and then enter a security code sent to another device—typically, their smartphone. MFA makes it much more difficult for an unauthorized user to log on to another user’s device.
- Mobile device management (MDM) and policies. An MDM solution such as Microsoft Intune, VMware AirWatch, or SOTI MobiControl enables the IT organization to monitor mobile devices, unlock them if the user forgets his or her access code, and even wipe a device that’s lost or stolen.
- Security monitoring. Companies must assume that mobile devices will compromise corporate security. That’s where monitoring those devices for unusual or suspicious activity is worth its weight in gold. Mobile monitoring solutions can trigger alarms and provide forensic information about device activity.
- Identity and access management (IAM). IAM solutions give businesses control over their mobile workers from a centralized system, allowing the IT organization to control and even disable access to apps and data regardless of device location.
Many business owners are concerned that implementing tighter IT security controls will create a divisive culture or lead to security paranoia. However, these circumstances can easily be avoided by implementing the right IT security policies, in just the right way. Consider speaking with an IT security professional who can help provide a detailed mobile security assessment that keeps your data safe, your reputation clean, and your workforce happy.