The modern workforce has never been more mobile than it is in 2019. It’s a workforce that produces, exchanges and stores huge volumes of information on mobile devices – but just how vulnerable does that leave organisations and what can be done to address any associated threats?
Technology has had a huge impact on the workplace, where trends such as cloud and device convergence have enabled a culture of increasingly remote working. Analysis suggests that 42.5% of the entire global workforce is expected to be operating outside the traditional office environment by 2022 – a dramatic change in working dynamics that is only expected to continue gaining popularity.
From eliminating the commute to making childcare more manageable, there are countless reasons why workers are keen to spend less time in a traditional bricks-and-mortar office. This promise of increased flexibility and control over when and where people work was reflected in the 2018 edition of the Avast Business Mobile Workforce report, in which over half respondents said it would take a significant pay rise (16% or more) for them to even consider a job with no mobile working option. If workers are prioritising this new dynamic over remuneration, companies must adapt to accommodate this change in the modern attitude to work. This must necessarily include a detailed analysis of the technological challenges brought about by an ever-increasing mobile workforce, with particular emphasis on security.
- Remote working is leading to a rise in data breaches
- How technology is reshaping the remote workforce
- Dispelling the top four flexible work myths
For some organisations, employee preferences are not the primary concern, especially for those with rising fears of data security top of mind. High-profile data breaches have somehow become the norm, and security leaders are right to focus on access to sensitive data being closely monitored. Indeed, concern over data security is among the most common reasons for not allowing mobile working – so what can be done to overcome these fears when embracing mobile-centric policies?
Educate (and train) your staff
A useful first step is to provide education and training for staff at all levels. The simple but important lessons to learn here are to reduce unnecessary risks such as using weak passwords or connecting to unsecured networks, for example. S
taff using their own devices should also agree to a “bring your own device” (BYOD) policy, although appetite for such policies is waning against the appeal of the more secure, manageable corporate-owned approach. With those that do opt for BYOD, it’s essential that this includes an agreement to ensure that any device connecting to the company data is managed by an EMM solution – and preferably also secured with an MTD product too – as well as ensuring important online connections take place through a secure VPN.
If security is treated as a daily issue that is the responsibility of every user (and not just the IT team), then any major concerns regarding mobile working from a security perspective can be significantly reduced.
Manage public WiFi usage
It may not match the security profile of every organisation, but mobility leaders should consider banning public Wi-Fi hotspots unless have been established as secure and reputable. Whether the approach is blacklist or whitelist-oriented, the failure to have any policy whatsoever needlessly exposes corporate data to attackers. Many public Wi-Fi networks such as those in cafés or restaurants are inherently insecure.
For example, perhaps your local coffee shop provides you with a password to use the Wi-Fi. Always check if you are connected to the correct network as hackers usually set up fake Wi-Fi hotspots near legitimate public Wi-Fi networks. As a secondary measure, use of websites not using security certificates – especially those handling sensitive data – should be avoided. The easiest way for users to detect these is to look for the padlock in the address bar in most browsers.
Malware and other nasty app-based attacks
These kinds of threats are typically the ones that hit the headlines first. They are typically advanced hacker-created software designed to compromise the user’s device. Malware can take many shapes: from malvertising and spam to more serious threats like spyware or trojans.
The best way to prevent malware attacks is to implement an MTD solution, which can identify the presence of malware on the device and alert admins to any potential configuration risks. Security leaders are advised to mitigate risk whenever possible, such as switching off ‘third party downloads’ on Android devices or enforcing lock screens on mobile devices. Another factor to consider would be to monitor and block traffic to malicious websites known to host malware – ideally on networks beyond those that are corporate-owned.
Unusual user behavior
Ultimately, the biggest risk to corporate data exposures on mobile come from the users themselves.
A small fraction of users will find ways to use apps and services that are not sanctioned by the IT team, either through personal downloads or by accessing sites within the browser.
If the company has mandated use of Dropbox, but an individual is using Google Drive then nothing has necessarily gone wrong. Whether it’s through ignorance, stubbornness or even maliciousness, these instances of weak visibility and control of corporate policy can be incredibly risky. According to Verizon, 90% of data breaches can be attributed to some kind of social engineering (ie. human shortcomings rather than technical ones).
Creating a policy around cloud storage is one thing; enforcing it is something else entirely.
Joel Windels, CMO of NetMotion Software
- We've also highlighted the best antivirus to protect your mobile workers from the latest cyber threats