Mobile devices have made a tremendously positive impact on the way we work and how we can remain productive whether in the office or on the go. Today, the majority of people will have a mobile device, most likely a smartphone or tablet, and combined with exciting cloud-based applications and cloud-based data storage, we now enjoy new levels of freedom to work and access information on the move like never before.
While this is great for improving productivity, allowing your users to work how they want, where they want, presents an overarching security risk for your business that frequently goes un-noticed. Today mobile devices provide not only a window through which your users can view and manipulate corporate data, but also a platfom on which to hold that data, and carry it with them wherever they go, sometimes without even realising.
What are the risks to my business?
In short, you suffer from a lack of data visibility. The files and business-critical data your business relies upon are no longer safely stored within your own IT systems and infrastructure, but spread across an unknown number of different devices that are outside of your control and in the pockets of your employees.
For example, every time a user opens an attachment, that file is downloaded to the device before it can be opened, meaning a version of that file now existing on that device until it is removed, something most users won’t even be aware of. This might not seem like an immediate issue, but should that phone or tablet become lost, the local data stored on it is now potentially accessible to anyone.
Staff off-boarding also creates an added complication. While you can take steps to manage this by closing down their email account and reclaiming their business laptop, you can’t realistically control what data they are still able to access through their personal mobile device, and who will be able to reach that data now they have left.
I only check my emails, that must be secure?
This is a common response when we chat with customers about mobile device management, but unfortunately even limiting employees to email access only will not shield you from the potential risks. Staff travelling on business will often connect their mobile device to the free wi-fi at an airport, train station or coffee shop to quickly check their emails, update the office on progress and spend what would otherwise be down time being productive with little or no thought to the security of the Hotspot they are using.
That free WiFi Hotspot is a public network that potentially exposes that device to other people using the same WiFi connection. Suitably motivated individuals can quickly identify someone’s activity while they are online to unearth vulnerabilities. There’s also a possibility that the free WiFi they’ve connected to may not be what it appears, and could so easily be a fake Hotspot setup in a public area to gather sensitive details of anyone who connects – email addresses, passwords, banking details etc.
We have dealt with real life experiences where a business email account was hacked after the individual quickly connected to a public hotspot. Armed with real insight and a valid corporate email account, hackers used this to form the basis of a series of scam emails requesting urgent payment for seemingly legitimate work. It was only the attentiveness of finance and admin teams questioning these emails that avoided disaster.
Why would a business not manage its devices?
In some cases, businesses simply aren’t aware of the potential risks that we’ve outlined above. As with your car insurance, many don’t fully appreciate the safety it provides until the worst happens, and Mobile Device Management is exactly the same. Equally, many businesses allow their staff to use their own personal device for company emails, but often encounter reluctance from the employee to allow the installation of appropriate security or management software onto their personal device to protect the business data they access, often wrongly concerned that the employer can “spy” on their personal phone as a result. The alternative is to provide every user with an additional business device, but this incurs an additional cost.
Ultimately, it’s important that you consider taking any steps you can to ensure that your private corporate data is adequately protected and remains private when accessed by your employees on-the-move. We’d encourage anyone to look into the implementation of staff policies around the use of personal devices, and to explore deploying one of the many software solutions available to manage Mobile Devices.
To find out how we can help protect your data and your employees as they work on the move, get in touch with a member of the team.