James Pattinson, VP EMEA, Absolute
Imagine your day without a mobile device. Hard, isn’t it? Whether it’s a smartphone, tablet or laptop, the proliferation of these devices has not only transformed how we live, but also how we work. It’s second nature to check emails via smartphone on the train journey to work, or to put the finishing touches to a presentation in a coffee shop away from the office.
These developments have enabled businesses to be more productive and have broken down the barriers of the traditional 9-5 working day, and these devices are now considered a commonplace business platform under Bring Your Own Device (BYOD). However, this also brings with it its own security risks. While the risks to businesses from cyber attacks and sophisticated hacking attacks get a lot of media attention, the daily data device dangers placing companies at risk are not discussed as widely. These can include:
- Theft & Loss: Perhaps the most obvious threat. Smartphones, laptops and tablets are desirable targets for thieves, and with today’s addiction to connectivity it is nigh on impossible to find someone who isn’t glued to some form of device and paying little attention to their surroundings. They can make easy prey for the seasoned or opportunistic thief. While this is not a new threat, the rise of BYOD and Choose Your Own Device (CYOD) makes it a security issue for businesses. With employees able to easily access corporate data remotely, critical business data no longer remains within the confines of the office walls and could fall into the wrong hands when a device is lost or stolen.
- Public Wi-Fi: Stop in any major coffee shop and you’re likely to find someone with a tablet or laptop open, working remotely, likely from a public Wi-Fi connection. Go to any airport or hotel and you’ll see even more people doing the same. Remote working offers great productivity advantages, but accessing corporate data via unsecured networks can put that data at risk. There have been many incidents of hackers creating phoney networks, disguised as public Wi-Fi, in order to access the personal information of those who log on. The internet is the lifeblood of any modern business, and in a world where employees are used to superfast broadband and wireless connections, little or no connectivity simply will not do. It is for this reason that many employees will not hesitate to scan for open Wi-Fi, connecting to public or even unsecured private networks.
- Phishing emails: Despite the dangers that lurk outside of the office, the weakest link in the security chain is often the individual, and more often than not a breach occurs unintentionally. It’s been shown that 70 per cent of cyber-attacks are unsophisticated, relying instead on a combination of phishing and hacking. Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. Because these emails masquerade as trustworthy sources, even the most cautious of employees could, by clicking on an unassuming phishing email, inadvertently open up critical information to prying eyes.
One thing is for certain: despite investment in endpoint security technologies like encryption or anti-virus, portable devices still expose businesses to huge vulnerabilities and, combined with the rise of the insider threat (be that malicious, negligent or unsuspecting), make it easier than ever for employees to put sensitive corporate data at risk. With the EU GDPR coming into force, increasing a business’s responsibility to secure sensitive data, the stakes are high. However, it is imperative that these risks do not prevent productivity or innovation. There are steps organisations can take to embrace mobility, yet mitigate the types of threats outlined above.
- Create and implement robust IT security policies: Businesses must have a clear plan and solution in place regarding data and device security and be able to prove that, in the event of a breach, assets, whether physical or virtual, have been properly secured to minimise the risk of compromising sensitive data and to maintain compliance.
- Education, training and automation: With personnel usually the weakest link in an organisation’s security posture, it is vital that employees are aware of corporate policies and are trained and educated to adhere to them. However, to rely on employees to follow policy without exception would be somewhat naïve; implementing automated rules and policies reduces the threat of the human ‘Achilles’ heel’.
- A single source of truth: Often organisations have a less than perfect view of the health of their endpoint estate. Blind spots include lost or ‘appropriated’ devices, under- or over-licensing issues, devices running older versions of security solutions, employees switching off encryption or AV, or sometimes even the sheer number of devices. Having an ‘always on’ technology that proactively manages these types of issues is essential to maintaining compliance and mitigating risk.
When it comes to devices, the genie is out of the bottle, and there is no way of getting it back inside. Mobile devices have created a ‘new normal’ for the modern business. However, the security procedures outlined above need to become just as much second nature as being able to access work emails on a mobile phone. Only if this is achieved can businesses remain productive, while being able to successfully navigate daily data device dangers.