The evolving mobile workforce requires evolved security solutions
Technology has enabled the rise of the mobile workforce, but also increased the risk of data breaches. As more people conduct business outside of the office, organizations can protect sensitive data at three levels.
For many of us, the term “mobile workforce” still brings to mind a lucky group of workers who get to wear pajamas all afternoon as they Skype in from their laptops. But the reality is that all of us – whether we’re full-time workers or contractors in the private or public sector – are starting to work differently. The line between work and home has blurred, and this means all workers need greater access to sensitive organizational documents outside of the traditional workplace.
With the recent spate of high profile data breaches, more and more IT departments are being asked whether it’s even possible to empower employee mobility without putting sensitive data at risk.
It is possible. But organizations need to understand the diversity of threats that they face and then protect their enterprise and their data at at least three different levels.
New threats are always emerging
With hundreds of thousands of new malware variants being developed daily, organizations are under greater threat than ever before. The breaches have been well publicized, and the tactics – such as the spear phishing attacks to compromise a remote server of JP Morgan Chase, and the watering hole attack on Forbes.com that compromised U.S. defense and financial services firms – are becoming more complex and targeted.
While those attacks targeted the biggest players, such as the federal government or top-100 organizations, the risk is no less severe for smaller businesses and agencies. In fact, failing to protect data at small- and medium-sized businesses can be catastrophic. Forty percent of small or mid-sized business owners estimate that if they were to lose all of their corporate data due to a compromised system, they would have to shut down the company permanently. Likewise, data loss can have disastrous consequences for public sector organizations. These consequences can make simple employee mistakes even more costly.
Increasingly, too, attackers are looking to exploit mobile devices. The 2015 Dell Security Annual Threat Report revealed that in 2014, the company began to see the creation of Android malware that acted like desktop malware. Researchers also expect exploit kits to emerge for mobile devices in 2015. (Unfortunately, many of the Android devices being used by employees are running older versions of the operating system, making them even more vulnerable to attack).
Many employees often behave in ways which put this data at greater risk. For example, logging into a coffee shop’s free WiFi connection makes it easy for hackers in the area to access organizational files and potentially steal information. And it’s not just coffee shops – many remote offices are not always secured as thoroughly as the headquarters. (Even activities which we all partake in – such as letting the kids use your work laptop – can potentially wreak havoc on the organization’s network and files.)
Finally, it’s no secret that a mobile device is also more likely to be lost. However, an employee losing a device on which organizational files and passwords are stored can mean major security issues if the device ends up in the wrong hands. Add to this the incidence of laptop, smartphone, and tablet theft, and mobile security becomes even more necessary.
Protecting data without hampering productivity
With these challenges, it’s no wonder many organizations are asking whether they can really balance security with productivity needs. While it’s easy to implement rigid security restrictions, simply limiting the connection or use of mobile devices is not necessarily the most secure option and clearly isn’t the most productive.
IT teams should look to protect the data itself, and can do so using three levels of secure data protection:
- Encryption: Today’s encryption techniques protect data wherever it is being stored, be that on mobile or desktop devices, portable media storage such as USBs, or even on a public cloud. Moreover, non-disruptive encryption makes it possible for employees to access and share data without having to go through excessive security checkpoints or slow-loading information.
- Advanced Authentication: It’s vital to ensure that your users are who they say they are and that employees only have access to the information they really need. There are many forms of authentication, including hardware-based, credential-based, centralized remote management, and secure single sign on, all of which work together to make mobile security more robust and seamless.
- Malware Prevention: The final approach is to recognize and stop malware before it takes hold of your system. Today’s malware prevention systems can use “containment” methods to run the most commonly targeted applications in a virtualized environment, which prevents malware from attacking the host operating system. In addition, they can automatically identify malware attacks based on behaviors inside the contained environment, rather than relying on malware signatures, effectively stopping even zero-day attacks when they occur.
The mobile workforce is going to continue to grow as long as technology and workplace culture enables it. No organization – either public or private – should be cut out from enjoying these benefits. The key to balancing security and productivity is enabling the free flow of data by complete encryption. The good news: this is achievable for every organization by protecting their data at these three levels.