For most people, their smartphone has become an extension of their arm. It’s the thing that wakes them up in the morning, and it’s the last thing they check before they go to sleep. In many ways, mobile phones have made work life easier for business employees. They can easily be reached by clients, answer emails on the go, and tackle any crisis that may occur while they are out of the office. But have you considered the downside of mobile technology playing such a huge role in business?
If your organization needs to safeguard customer and company information, there are a few major issues and concerns that are associated with mobile phones in the workplace that you need to recognize. Gartner, a research firm specializing in SaaS technology, predicts that by 2021, 27 percent of corporate data traffic will go around perimeter security, flowing directly from mobile devices to the cloud.
Think about what policies your company has regarding information. Are your most important accounts or documents password-protected? Have you taught employees to look out for suspicious emails? Can you ensure that confidential documents aren’t uploaded to a public drive?
Whatever your answer to the above questions, the biggest question is, what can your company do to protect data?
Here are five things you need to know about mobile technology and the workplace so you can determine what your policies will be.
- Wi-Fi isn’t always safe. The ability to hack into wireless networks can be done by pretty much anyone. Hackers easily perform “man-in-the-middle” (MTM) attacks simply by going onto the wireless network you are on. Wireless transmissions are also not always encrypted; emails and many other applications don’t encrypt information that they are receiving or sending over the network. This makes it incredibly easy for data to be intercepted. Hackers can eavesdrop on data transmission, hijack a user’s session, and more. Vikram Goyal, a ZENworks Product Manager, says that many people believe that Wi-Fi that asks for a password is secure, which is not always the case. “It is very easy for anybody who is on the same Wi-Fi network to steal information. Unless the data itself is encrypted, it is always possible for anybody on the network to access the data,” he says.
What can you do? Finding security that utilizes Wi-Fi management controls allows you to white and black list certain wireless access points, to help keep your company information safe. There are also software systems that allow you to create a “safe harbor” of encrypted files, and will encrypt removable storage devices as well. Vikram adds, “To eliminate problems you can try to ensure that applications exchange data over a secure connection, or force a VPN connection when a user starts using un-trusted Wi-Fi networks.”
- It’s not just about software. You may think that software is the biggest threat, but that’s not entirely true. Mobile devices are small, and can be easy to leave behind. Many people are guilty of walking off the train, getting out of a cab, or leaving a restaurant without their phone. With the increased reliance on remote or remote employees, the necessity of using mobile phones for business, and thereby the access of those mobile phones, also increases. Even powerful anti-virus software and a password system can do little against a hacker who has a phone in their hands. Many people don’t even have a password or PIN for their phone, and if they do it is often simple and easy for a hacker to bypass.
What can you do? Vikram recommends a few things, including:
- Requiring all devices to have a passcode
- Ensuring that you have a mobile security solution that requires proper password usage to make it as difficult as possible for a hacker to get into a phone
- Getting software that is able to perform a remote wipe and disables lost or stolen devices entirely
- Ensuring that all apps encrypt data
- Malware is everywhere. It’s not difficult for consumers to download applications that have malware. It’s often disguised as a game, security patch, or other useful application. Vikram says, “Most of the apps being hosted in the App Store or Play Store are regularly scanned, but some apps do slip through.” Malware can also be disguised as links and texts. Because it’s well disguised, it can be hard to tell the difference between a real application, and one that contains malware. Once malware is downloaded, data is easily intercepted by hackers.
What can you do? Advanced firewall protection and a complete mobile security solution are helpful when it comes to controlling malware. Firewalls and security patches will prevent users from downloading or accessing applications that may be a threat, and can wipe or disable devices that are in danger. Making sure you educate your employees on malware and what kinds of applications may contain it can also help prevent attacks. Vikram adds, “Use software to lock down all the ways through which an un-trusted app can get installed on a device and ensure that devices are regularly patched and updated to the latest OS versions.”
- Security software isn’t always used. Mobile devices often don’t use security software, and don’t have pre-installed options. Additionally, most users don’t think to install security software, and if they do think to find it, they may not get the best option. Other situations lead to users downloading what they think are helpful security patches, but they could actually be malware or other types of threatening software that puts your information at risk.
What can you do? Vikram says that “mandating in the form of a policy that all devices have to have security software installed can help you.” Education is key in helping your employees know what kind of security software is good to download. Buying software for your group that gives comprehensive security, firewall, and mobile management is also a great option to ensure your information is safe.
- To err is human. While there are many things that can go wrong with mobile devices, human error is probably one of the biggest concerns. Out-of-date operating systems, sending information to a public cloud, lapses in security software, the list goes on and on. Many employees don’t have the time or knowledge to ensure their device stays up-to-date and threat free. Many practices that are fine in normal, everyday use can create threats for sensitive information that employees may have on their phones.
What can you do? Vikram stresses that education is the first step, but alas, to err is human. Ensuring that you have software that matches your compliance needs, provides encryption, security requirements, password settings, and other safety measures will help cut down on threats. He also addes that “It is possible to identify jailbroken devices and lock them down, or even remove all corporate data from them. Compliance policies which continuously monitor a device and lock down or wipe a device, and includes user action issues are also valuable.”
It may seem overwhelming to try and figure out how to keep mobile technology secure while not encroaching on your employees’ personal devices. ZENworks Configuration Management and ZENworks Mobile Workspace may be the answer to your problems. These solutions contain advanced elements like firewalls, USB and device security, and Wi-Fi controls, all while allowing self-service and user management for your employees. You can have the best of both worlds—you’re able to control your sensitive information, and employees are able to feel confident in the way they use their own device.
Have you had any experiences with this issue in your environment? Share your lessons learned the hard way, narrow misses, or some of the things you’re doing right now to keep your mobile users safe. Email them to us at firstname.lastname@example.org.
Meet The Expert
Vikram Goyal is Product Manager responsible for Mobile Management functionality with-in ZENworks and is also in charge of ZENworks Reporting. Vikram is based out of Bangalore, India office. When not working, he can be found either traveling or listening to latest EDM.