Mobile Security is for every manager, not just IT.

By: Padraic Murphy
On: 1 Mar 2018

Your employees are not out to deliberately expose your network and data to risk. They just want to work more efficiently, effectively and easily.

Unfortunately, they sometimes achieve their aims by compromising your network security. It’s a problem in every department – and every department needs to work together to achieve a solution.

Short on time? Skip straight to three simple steps to mobile security.

There’s an IT arms race taking place across your organisation. As fast as new security threats emerge and new technologies and policies are introduced to address them, employees find ways around them. Well, that’s what happens when poorly designed mobile security solutions are implemented. It’s not because employees want to circumvent security, defraud their employer or hand over the keys of the company network to hackers. It’s simply because they want to be more efficient at their job and make their own lives easier.

A simple example is the 10Mb email attachment limit many companies set. What do users do? They use third-party apps like Dropbox and WeTransfer that are not remotely within your IT security’s reach. With the use of these unmanaged file sharing platforms comes the risk of a data breach. Three’s customers are using secure file sharing solutions like Citrix ShareFile, which are simple to manage, provide auditing capabilities, and ensure company data – although accessible on the go – never actually leaves its secured premises.

Security technologies and policies that are perceived as too complex or restrictive will soon be circumvented. The answer is to make complying easier than not complying. It’s also essential to not merely lay down rules and introduce security technology, but to educate your employees about the reasons for doing so as well.

All of which makes the issue one for every department, not just IT, to address.

Ignorance is no defence.

If you ask an employee in front of their manager if they ever use third-party apps like Dropbox to share company data, they will deny it. However, with a looming deadline that requires some weekend work and large files they’ll need to access from home, few will resist the temptation if there’s no other option.

Despite the lack of malice in the action, it’s still your business’s sensitive data and the hacker or Data Protection Commissioner will see no distinction.

Nor will ignorance of what your employees are doing defend you from the impact to your business’s reputation and finances.

In addition, auditing your data is an important aspect of the General Data Protection Regulation (GDPR), which will soon be in force. This means being fully aware of where your sensitive data is stored, who has access to it, and where it has been moved to and from. If sensitive data has been moved around “unofficially” outside the company network then you will be unable to meet your auditing requirements and it will be your business – not the erring employee – that will be liable.

Every manager must be aware of what’s going on with data within their team and take the necessary action to enable safer ways of meeting the needs of employees and implement policies to prevent the riskier ways.

If you are unable to meet data auditing requirements it will be your business – not the erring employee – that will be liable.

Education is a critical component.

“No means no” is not the way to gain cooperation from your employees. The key is to explain the thinking behind security policies and to show them safer ways of achieving their objectives. If you just tell them Dropbox is banned, they will only obey until the kind of situation mentioned earlier arises. Then they will think that “once won’t do any harm” and “I’m doing it so I can do my job better” and there’s your security policy breached in one, arguably for all the right reasons.

If you educate employees that you’re not trying to stop them from working on files at home or from putting in extra hours, but you are trying to prevent data loss, then they are more likely to appreciate the problem, understand the reasoning and adhere to the policy. Though you can make that even more likely by doing more to make their working lives easier in the first place.

Embrace BYOD

BYOD (Bring Your Own Device) is often the preferred option of staff, because their personal mobile is newer, more powerful or better specced than the company one they have been issued. That’s another reason why – without deliberately setting out to flout company security policy – they may decide to access sensitive information or deal with company work emails on their personal devices. The solution is not simply applying a blanket ban on own devices – which will be ignored anyway – but to ensure that personal devices have business-approved security apps installed.

The same applies to stopping employees using Dropbox for file transfer, or WhatsApp for confidential communication. They do it because it’s quick, easy and efficient. The solution, therefore, is to make your approved and secure applications just as quick, easy and efficient – while at the same time being immeasurably more secure.

In summary, three simple steps to mobile security.

In most businesses, effective mobile security has only ever been paid lip service. Now GDPR makes a company-wide, rigorously applied and strictly observed mobile security policy absolutely essential. To achieve it, there are three basic steps.

ONE

Establish a policy which has buy-in from every department. Mobile security is not solely the responsibility of IT. It should be developed and agreed by all.

TWO

Inform and educate all employees about the need for a security policy and the absolute requirement to adhere to it.

THREE

Ensure you are providing employees with the tools they need to do their jobs as they want to do them, but with high security. The security must not interfere with or slow down the way they work, but nevertheless it must be there, in the background, protecting them and their data from online threats. A Mobile Device Management (MDM) or Enterprise Mobility Management (EMM) solution such as Citrix XenMobile will allow you to manage company-owned and personal (BYOD) devices, and also your company’s data on these devices.

Browse Three’s Managed Mobility solutions that create a secure yet flexible mobile working environment for your business, and empower your workforce to work securely from anywhere on any device.