FROM SAND-BOXES TO SAND-CASTLES – PROTECTING YOUR IT AGAINST HOLIDAY MISHAPS
By Sean Newman, Field Product Manager, Cisco
Britain’s long-hours culture is well documented, with many of us working well in excess of the European Working Time Directive. For an increasing number of us, the hours we work extend not just into evenings and weekends, but into our holidays too.
According to research firm Mintel’s latest study, Brits took 94 million holidays in 2013 and, with growing confidence that the recession is beginning to fade, this number is set to rise to 100 million in 2017.
As the division between work and social life has blurred, employees are accessing websites, social media and emails from their smartphones or tablets, in or out of the office, at any time and anywhere in the world. It is vital that employers ensure their BYOD policies are rigorous enough to protect the business against any potential data breach while their staff are away enjoying their fortnight in the sun.
While companies recognise the benefits of mobile technology, in terms of productivity and competitiveness, they are not always as focused on the risk this poses in terms of potential cyber-attack.
There is no doubt that adoption of mobile devices in the workplace presents a challenge that is as much a question of policy and control as it is about the technology itself. According to analyst firm TechMarketView, over 10 million UK employees are predicted to be using personal devices in the workplace by 2016.
Manufacturers are pushing tablets as the must-have device for everyone in the family, whether it’s a high-end iPad from Apple or the new cost-effective Hudl from Tesco. What this means for the enterprise is an influx of new devices coming onto the network, because you can bet your life they won’t be staying at home!
For the IT security team this has the potential to be a real headache, as they count the ways in which the BYOD trend complicates their working lives. And, as the transition from desk-bound computers to laptops, tablets and smartphones continues to gather pace, it’s no surprise that hackers are choosing mobile devices as their next big target. It makes economic sense: they are simply ‘following the mobile money’.
The issue with employee-owned mobile devices is that they can access corporate resources outside of the control of the corporate IT function. This means it can be difficult to identify even basic environmental data for these devices, such as the number and type of devices being used, and the operating systems and applications they are running.
The proliferation of mobile devices and their growing use in the workplace has fuelled a rapid growth in mobile malware, significantly increasing the risk to individuals and their employers. According to US authorities, 79% of malicious attacks on mobiles in 2012 occurred on devices running Google’s Android operating system. Given the lack of even basic visibility, many IT security teams certainly don’t have the capability to identify potential threats from these devices.
However, despite the pitfalls, the benefits of BYOD are often too strong to ignore. So, in order to regain control in this mobile world, IT security professionals must be able to see everything in their environment, so they can establish the level of risk and then secure it appropriately. For most enterprises, the right solution is to implement BYOD policies that clearly define the proper use of employee-owned devices in the enterprise and then have enough checks and controls in place to enforce those policies.
Ultimately, security of mobile devices is a question of three phases:
- Before – establishing control over how mobile devices are used and what data they can access and store.
- During – visibility and intelligence are vital if security professionals are to identify the threats and risky devices and monitor their activities on the corporate network.
- After – when the inevitable happens and the network is compromised by a threat, being able to retrospectively review how that threat entered the network, which systems it interacted with and what files and applications were run, to ensure it can be cleaned up as quickly as possible.
Whilst employees on holiday need to remember the risks of spending too long exposed to the sun, organisations need to ensure the risks posed by their mobile devices don’t expose corporate assets to misuse or theft, otherwise they won’t be the only ones getting burned.