Mobile is also disrupting security. Top tips to take control
Mobile technology has transformed business, leading to whole new levels of efficiency and productivity. But what about the increased security risk posed by mobile and BYOD technology? Worrying about potential data breaches is what most often keeps CIOs awake at night.
While it’s been possible to access work emails and calendars from other locations for several years now, evolving mobile technology allows remote access to do so much more than that, putting business at risk.
It is vital to prevent unauthorised access to sensitive business information – and to ensure that technological advances don’t provide an easy ‘way in’ to the system for hackers.
Even if you are already using a three-pronged approach (end-point, perimeter and server) to manage security, end-point is likely to be your weakest link. The unpredictable human factor makes end-point difficult to control. What file-sharing systems are people using on their various devices? Are their operating systems and anti-virus software up-to-date? Has someone fallen for the latest spear-phishing scam, putting the whole system at risk?
This challenge is not going away. As technology evolves, so does the security problem. Thankfully, so too do the solutions! We’ve put together a few key points to help you stay ahead of the game.
Develop and communicate your security policy – but don’t rely on it
If you don’t already have a security policy, you need to develop one. Next, all employees need to be educated on the risk and dangers posed by mobile technology.
Make sure the information you communicate is relevant to the needs and roles of the individual employees. You will likely need a different approach when explaining the policy to a sales and marketing team member than to a junior IT graduate.
Education is essential – but it doesn’t completely eliminate security threat prevention. Remember that however well you communicate your policy, you simply can’t rely on it alone. You’re always going to experience instances where someone doesn’t absorb the message, or when that spear-phishing link seems too real or compelling to ignore.
Utilise the latest security tools
1.Ensure you have a superior end-point product
The internet ‘bad guys’ are getting smarter and more targeted with their attacks. And who are they most likely to target? Those with access to the most sensitive information.
To combat this risk, you need to be one step ahead of the bad guys. The traditional or consumer anti-malware tools you may have relied on in the past may not cut it today.
There are a number of new-generation tools that will help you to manage the risk to your business. These tools conduct a real-time review of what the various software is doing – automatically stopping any suspicious programs before they can cause damage.
New products are being developed all the time, so it is vital to continually review your end-point security tool-kit.
2.Update your perimeter security
Advancing technology means that your perimeter security policy should be enforced on a user, content and application basis. This means you can be more targeted than previously. For example:
- Is someone is trying to download a file from webmail? You can automatically stop this and prevent it from happening.
- Has Dropbox become an unofficial file-sharing tool? You may identify this as a risk – but the use of Dropbox and other unauthorised file-sharing solutions can be managed through the firewall.
- Before employees are allowed to VPN in, check – do they have the latest patch installed on their device?
This evolving technology makes managing security much easier than it used be, when policies had to be based on protocols and IP addresses.
3.Introduce mobile device management
Mobile is challenging existing business models and creating complexity. As more devices become available, we will see more of them connected to our networks.
There is nothing you can do to prevent the increasing use of devices, but you can take steps to help secure them. Take back control and proactively push updates to approved devices from a centralised management console. You can blacklist or whitelist particular applications to further manage risk.
4.Consider outsourcing security management
If you feel you don’t have the skills, the time or the resources to manage security yourself, outsource it, and focus on your core tasks and projects.
But be selective when it comes to outsourcing or choosing a partner – you need to work with someone who is across the latest security developments and technologies and is equipped to take on the challenge of evolving mobile technology. Make sure your partner can manage all the elements of an integrated security policy, end to end.
Enforce your policy
Mobile technology is evolving and disruptive, causing headaches for CIOs as they seek to combat the increasing threats to security. It is vital not to rely on simply having and communicating a security policy – you need to enforce it. The tools to do this are continuously evolving – the ones outlined above are current best-practice, but you need to always be across the latest approaches and tools.
And remember that security has three main elements – end-point, perimeter and server – IT teams must address them all.
Want to know more? Contact us today for a no-obligation discussion.