By Mark McWilliams
Your mobile employees can now access sensitive company information on their smartphones. And so can the cybercriminal sitting in the next building over or on the other side of the world.
The trend of workforce mobility has led to increasingly savvy cybercriminals shifting their attention from attacking traditional corporate network environments to syphoning company data off poorly-secured employee-owned devices. The security gap has emerged for a number of reasons. Many enterprises don’t have the IT manpower to oversee a host of different devices after an organisation has hastily agreed to implement a Bring Your Own Device programme. There are also issues related to employees losing their mobile devices or using them to access corporate data on unsecure Wi-Fi networks. Downloading suspicious files or applications further increases the cyber threat.
These risks aren’t cause to shut the door on mobility at your enterprise, however. Ensuring your organisation uses the right security solutions and educates all staff about ongoing cyber threats are key ways to protect your corporate data and brand.
Mobile virtualisation, for instance, essentially allows IT departments to keep corporate data separate from the rest of the device. Staff can then remotely manage the device, issuing security patches and wiping sensitive information if a phone or tablet is lost or compromised. End-point security solutions and mobile device management allow IT staff to encrypt and password-protect data, limit the number of users with administrative privileges and select which employees gain access to which applications.
While the IT department will manage these solutions, you should ask mobile employees to commit to doing their part to keep company systems and information secure. Educate the entire enterprise on how the latest cyber security risks could affect the business. Require all staff interested in participating in a Bring Your Own Device programme to sign a user policy that includes requirements for setting and updating passwords, reporting procedures for when a device is lost, stolen or attacked and decommissioning guidelines.
If you’re concerned about the risks inherent in enabling greater mobility at your enterprise, Datacom’s Technical Security Services (TSS) can assess your current environment and develop a customised security solution. Staffed with security experts experienced in protecting corporations and government agencies, TSS can conduct application and network vulnerability assessments, intrusion simulation and research to ensure you are protected against the latest cyber security risks from all sides.
Datacom will be presenting on cyber security at the Trend Micro EVOLVE.Cloud event in Sydney and Melbourne this week. For details on the event, click here.
Mark McWilliams has 24 years experience in the technology sector and is a Director of Datacom Investments. Datacom’s specialist technical security practice, Technical Security Services (TSS), which provides in-depth advice and technical consulting to both public and private sector enterprises across Australia, reports to Mark. He has detailed knowledge across the IT spectrum from data centres through to governance, with everything in between. He has also worked with organisations that have varying needs from a security standpoint, including those with advanced requirements such as banks and government agencies. He has seen both good and bad security deployments and has strong views on how organisations should protect themselves in this interconnected world.