Modern field guide to security and privacy

The evolving mobile workforce requires evolved security solutions

Technology has enabled the rise of the mobile workforce, but also increased the risk of data breaches.  As more people conduct business outside of the office, organizations can protect sensitive data at three levels.  

For many of us, the term “mobile workforce” still brings to mind a lucky group of workers who get to wear pajamas all afternoon as they Skype in from their laptops. But the reality is that all of us – whether we’re full-time workers or contractors in the private or public sector – are starting to work differently. The line between work and home has blurred, and this means all workers need greater access to sensitive organizational documents outside of the traditional workplace.

With the recent spate of high profile data breaches, more and more IT departments are being asked whether it’s even possible to empower employee mobility without putting sensitive data at risk.

It is possible. But organizations need to understand the diversity of threats that they face and then protect their enterprise and their data at at least three different levels.

New threats are always emerging 

With hundreds of thousands of new malware variants being developed daily, organizations are under greater threat than ever before. The breaches have been well publicized, and the tactics – such as the spear phishing attacks to compromise a remote server of JP Morgan Chase, and the watering hole attack on Forbes.com that compromised U.S. defense and financial services firms – are becoming more complex and targeted.

While those attacks targeted the biggest players, such as the federal government or top-100 organizations, the risk is no less severe for smaller businesses and agencies. In fact, failing to protect data at small- and medium-sized businesses can be catastrophic. Forty percent of small or mid-sized business owners estimate that if they were to lose all of their corporate data due to a compromised system, they would have to shut down the company permanently. Likewise, data loss can have disastrous consequences for public sector organizations. These consequences can make simple employee mistakes even more costly.

Increasingly, too, attackers are looking to exploit mobile devices. The 2015 Dell Security Annual Threat Report revealed that in 2014, the company began to see the creation of Android malware that acted like desktop malware. Researchers also expect exploit kits to emerge for mobile devices in 2015. (Unfortunately, many of the Android devices being used by employees are running older versions of the operating system, making them even more vulnerable to attack).

Many employees often behave in ways which put this data at greater risk. For example, logging into a coffee shop’s free WiFi connection makes it easy for hackers in the area to access organizational files and potentially steal information. And it’s not just coffee shops – many remote offices are not always secured as thoroughly as the headquarters. (Even activities which we all partake in – such as letting the kids use your work laptop – can potentially wreak havoc on the organization’s network and files.)

Finally, it’s no secret that a mobile device is also more likely to be lost. However, an employee losing a device on which organizational files and passwords are stored can mean major security issues if the device ends up in the wrong hands. Add to this the incidence of laptop, smartphone, and tablet theft, and mobile security becomes even more necessary. 

Protecting data without hampering productivity 

With these challenges, it’s no wonder many organizations are asking whether they can really balance security with productivity needs. While it’s easy to implement rigid security restrictions, simply limiting the connection or use of mobile devices is not necessarily the most secure option and clearly isn’t the most productive.

IT teams should look to protect the data itself, and can do so using three levels of secure data protection:

  1. Encryption: Today’s encryption techniques protect data wherever it is being stored, be that on mobile or desktop devices, portable media storage such as USBs, or even on a public cloud. Moreover, non-disruptive encryption makes it possible for employees to access and share data without having to go through excessive security checkpoints or slow-loading information.
  2. Advanced Authentication: It’s vital to ensure that your users are who they say they are and that employees only have access to the information they really need. There are many forms of authentication, including hardware-based, credential-based, centralized remote management, and secure single sign on, all of which work together to make mobile security more robust and seamless.
  3. Malware Prevention: The final approach is to recognize and stop malware before it takes hold of your system. Today’s malware prevention systems can use “containment” methods to run the most commonly targeted applications in a virtualized environment, which prevents malware from attacking the host operating system. In addition, they can automatically identify malware attacks based on behaviors inside the contained environment, rather than relying on malware signatures, effectively stopping even zero-day attacks when they occur. 

The mobile workforce is going to continue to grow as long as technology and workplace culture enables it. No organization – either public or private – should be cut out from enjoying these benefits. The key to balancing security and productivity is enabling the free flow of data by complete encryption. The good news: this is achievable for every organization by protecting their data at these three levels.

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to The evolving mobile workforce requires evolved security solutions
Read this article in
https://www.csmonitor.com/World/Passcode/2015/0915/The-evolving-mobile-workforce-requires-evolved-security-solutions
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe