Smartphones: Virtual Risk, Real World Consequences
In late 2014 Apple retained its title as the world’s most valuable brand, though this time with a new accolade: setting the record as the first company valued at $700bn.
This news came with very little surprise. The smartphone market is one of the most lucrative in the world – last year 1.2bn were sold. For want of a better word, people have become devoted to their iPhone, using it for numerous activities within their homes, studies and work.
And while this is good news for businesses like Apple, the smartphone is causing serious problems for enterprise security. With employees, from the C-Suite down, connecting any number of insecure devices to their organisation’s networks, downloading sensitive data outside of the formal business perimeter or uploading mission critical information to untested, unapproved cloud services—the risks are real and the outcomes cannot be good.
It’s important to remember that employees’ mobile behaviour is often not malicious, but may be done with the best of intentions for improving their productivity and job performance. Even within our personal lives, we can be rather relaxed about publically sharing data. Far too many of us are posting personal information and storing key information on mobile devices with the assumption that nothing bad will happen. On a shuttle bus to an airport terminal I watched a man post to his social media account that his holiday had begun. I don't think he’d considered that potentially millions of people would now know that his house - which may be easily discovered - was uninhabited.
If this same relaxed approach to sharing data is also applied within the workplace then the results are potentially devastating to businesses.
So how should businesses react? Here are three steps that can help secure your organisation against the risk of mobile data loss:
- Work with employees, not against them - First off, understand that trying to radically change employee behaviors for personal devices is doomed to fail. It’s not that people won’t stop using their mobiles, it’s that they can’t ! Employees rely on their phones, and as work and home-life becomes increasingly intertwined, so too does their phone usage.
- From the boardroom to the break room, create awareness of mobile device risks - Change starts at the top, and the fact is that today, many executives do not have good visibility of the risks posed by mobile devices. Boards need to pursue mobility risks with the same diligence they pursue financial or operational risks. These risks must be understood throughout an organization —top to bottom.An unambiguous security policy is essential, but this alone is not enough. It must be communicated. There is a gulf between the policy and employees’ knowledge of the policy. And beyond this, there is further disconnect between their understanding of the policy and then actually adhering to it. Business should help employees understand that data risk in the virtual world can have very real consequences, with revenue lost and jobs placed under threat.
- Make technology the solution - Investing in Mobile-Device-Management solutions – such as Samsung KNOX or Atos HooX – may provide some help with securing and controlling smartphones usage, but be warned; it won’t eliminate the problem entirely. Any solution should be transparent to employees, setting boundaries but without interrupting their love affair with their phone.The key is finding a balance between real-world employee behaviour with the business’ desire for control over key business assets and data. As usual in security, there are no perfect answers, but it is important to identify the risks and reduce exposure whilst ensuring its business as usual.