As a business or technical leader, you know you need to protect your company in a rapidly evolving mobile ecosystem. However, threats are not always obvious. As malware and attacks become more sophisticated over time, business decision makers must work with technical decision makers to navigate security threats in a mobile world.
This blog series, authored by Kathy Trahan, will explore the topic of enterprise mobility security from a situational level and provide insight into what leaders can do now to mitigate risk. To read the first post focused on securing device freedom, click here. The second post, available here, focused on the risks that come with mobile connections. – Bret Hartman, Chief Technology Officer (CTO) for Cisco’s Security Technology Group
The Cisco Visual Networking Index revealed an obvious truth that none of us can deny—mobile data traffic is on the rise and shows no signs of stopping:
- By 2018, over half of all devices connected to the mobile network will be “smart” devices
- Tablets will exceed 15 percent of global mobile data traffic by 2016
- By the end of this year, the number of mobile-connected devices will exceed the number of people on earth, and by 2018, there will be nearly 1.4 mobile devices per capita
With the explosion in the number of smart mobile devices and employees increasingly taking advantage of BYOD, securing company and personal data in a world where the mobile endpoint is a new perimeter presents technical and legal challenges for organizational leaders.
What are some of the most prevalent challenges? The personal use of company-owned devices happens more frequently than IT may realize, and a complex legal environment can leave both employees and IT confused about how personal privacy is being protected. It is important for human resources to weigh in here as well.
The solution lies with business and IT leaders working together to ensure mobile device usage (whether personal or work related) does not compromise the security of data, devices and the network. Here are three considerations as organizational leaders get started or review their existing plans:
1. Go on Data Defense
Recognizing the threats to your network and data security is the first proactive step to preventing them from compromising devices and networks. And given the dynamic nature of threats (threats can go dormant, hide or be cloaked), this defense cannot be a one-time event; it must be a consistent effort to defend and prevent.
Some of these threats include malware, spyware, cyber-attacks and web-based threats (phishing scams or virus-laden downloads). Moreover, classic human error (a lost or stolen device or one that is not protected with a simple password) is also likely to be a culprit. Earlier this year, survey results showed that 80 percent of corporate security professionals and IT administrators felt “end user carelessness” was the most prevalent security threat to their organization. And hackers count on this carelessness or perhaps unintentional lack of precaution. With over 60 percent of mobile end users downloading sensitive data and engaging in reckless behavior, defending data is a high priority. And many end users assume IT has their back.
2. Outline Clear Policies
An ill-written mobile security policy can leave employees, IT and administrators scratching their heads in confusion. If a security breach occurs, time will be of the essence, and a well-written security policy can help prevent data loss. The success of a policy lies in how it is enforced; one cannot always depend on the end user.
After potential threats that can infiltrate your network through mobile devices have been identified, business and IT leaders should collaborate and adopt a Mobile Device Management policy. Such a policy should be all-inclusive, addressing everything from the types of device that may be used on the network (newer model mobile devices may have more robust security features than a previously issued model) to prohibiting the download of certain applications or programs that are used by hackers to gain access to a device or network’s data.
3. Access Control
Access control is a security measure that I touched on in my first posting in this series, and I refer back to it again because it is crucial. Clear rules for using personal devices for business purposes, and for what IT will (and won’t) be able to access of an employee’s personal information, can help employees be prepared for consequences that may alter their access rights, which could affect their ability to work. For example, some organizations may have a policy stating that if IT gets an alert that a personal mobile device is suspected of carrying a threat or is simply not compliant, access may be limited to the Internet only, with not even company email available. Organizations may protect (encrypt) access to approved services or applications only. Or, if the device is stolen, access is denied immediately and all (work or personal) data on the device is wiped. This could also lead to a discussion of backup policy. There is a range of access control approaches that can be taken.
As important as it is for IT and business leaders to have their control measures, it’s also important for them to empower their employees to protect sensitive information. Inspire an investment in protecting company and personal information. Request opt-ins to your security policies and ensure they stay up to date with the fluidity in the market that comes with new device releases and the rate at which new security concerns are identified as potential problems.
Mobility has enabled us all to make the world our workplace, and more real-time customer connections and interaction have revealed unheralded growth opportunities for businesses everywhere. But these same programs have served as an open invitation for security threats to compromise the very data that has given these opportunities to us.
There is no cookie-cutter solution that will work for everyone, but regardless of the industry, business size or goals, business and IT leaders anywhere can tap into a collaborative spirit that creates an environment where the proper solutions can be found.
Considering the scope of your business, where are your concerns when it comes to securing mobile data on personal devices? Is it time to re-evaluate the measures in place? Learn more as you take a look at the interactive Navigating Security Threats in a Mobile World asset.
- Read the first post in this series, Securing Employee Device Freedom
- Read the second post in this series, The Risk of Remote Connection: What’s Your Plan?
- Read Dimension Data Series #2 – Mobility Policy: The Mobile Endpoint is the New Perimeter
- Read Secure Network Access for Personal Mobile Devices Paper
- View the Navigating Security in a Mobile World Interactive Asset
- View the Cisco 2014 Annual Security Report