Blog

Mobile is also disrupting security. Top tips to take control.

Share
Share
Mobile-disrupting-security_Garth

While it’s been possible to access work emails and calendars from other locations for several years now, evolving mobile technology allows remote access to do so much more than that, putting business at risk.

It is vital to prevent unauthorised access to sensitive business information – and to ensure that technological advances don’t provide an easy ‘way in’ to the system for hackers.

Even if you are already using a three-pronged approach (end-point, perimeter and server) to manage security, end-point is likely to be your weakest link. The unpredictable human factor makes end-point difficult to control. What file-sharing systems are people using on their various devices? Are their operating systems and anti-virus software up-to-date? Has someone fallen for the latest spear-phishing scam, putting the whole system at risk?

This challenge is not going away. As technology evolves, so does the security problem. Thankfully, so too do the solutions! We’ve put together a few key points to help you stay ahead of the game.

Develop and communicate your security policy – but don’t rely on it

If you don’t already have a security policy, you need to develop one. Next, all employees need to be educated on the risk and dangers posed by mobile technology.

Make sure the information you communicate is relevant to the needs and roles of the individual employees. You will likely need a different approach when explaining the policy to a sales and marketing team member than to a junior IT graduate.

Education is essential – but it doesn’t completely eliminate security threat prevention. Remember that however well you communicate your policy, you simply can’t rely on it alone. You’re always going to experience instances where someone doesn’t absorb the message, or when that spear-phishing link seems too real or compelling to ignore.

Utilise the latest security tools

1. Ensure you have a superior end-point product

The internet ‘bad guys’ are getting smarter and more targeted with their attacks. And who are they most likely to target? Those with access to the most sensitive information.

To combat this risk, you need to be one step ahead of the bad guys. The traditional or consumer anti-malware tools you may have relied on in the past may not cut it today.

There are a number of new-generation tools that will help you to manage the risk to your business. These tools conduct a real-time review of what the various software is doing – automatically stopping any suspicious programs before they can cause damage.

New products are being developed all the time, so it is vital to continually review your end-point security tool-kit.

2. Update your perimeter security

Advancing technology means that your perimeter security policy should be enforced on a user, content and application basis. This means you can be more targeted than previously.  For example:

  • If someone is trying to download a file from web-mail? You can automatically stop this and prevent it from happening.
  • Has Dropbox become an unofficial file-sharing tool? You may identify this as a risk – but the use of Dropbox and other unauthorised file-sharing solutions can be managed through the firewall.
  • Before employees are allowed to VPN in, check – do they have the latest patch installed on their device?

This evolving technology makes managing security much easier than it used be, when policies had to be based on protocols and IP addresses.

3. Introduce mobile device management

Mobile is challenging existing business models and creating complexity. As more devices become available, we will see more of them connected to our networks.

There is nothing you can do to prevent the increasing use of devices, but you can take steps to help secure them. Take back control and proactively push updates to approved devices from a centralised management console. You can blacklist or white list particular applications to further manage risk.

4. Consider outsourcing security management

If you feel you don’t have the skills, the time or the resources to manage security yourself, outsource it, and focus on your core tasks and projects.

But be selective when it comes to outsourcing or choosing a partner – you need to work with someone who is across the latest security developments and technologies and is equipped to take on the challenge of evolving mobile technology. Make sure your partner can manage all the elements of an integrated security policy, end to end.

Enforce your policy

Mobile technology is evolving and disruptive, causing headaches for CIOs as they seek to combat the increasing threats to security. It is vital not to rely on simply having and communicating a security policy – you need to enforce it. The tools to do this are continuously evolving – the ones outlined above are current best-practice, but you need to always be across the latest approaches and tools.

And remember that security has three main elements – end-point, perimeter and server – IT teams must address them all.

Want to know more? Contact us today for a no-obligation discussion.

Related articles

6th December, 2023 | Stephen Ellis

How to deliver modern customer experiences with legacy finance platforms

Financial service providers are wedged between yesterday and tomorrow. While traditional systems still power core solutions (and will for some time), today’s customers expect personalised, real-time service delivery across any channel. How do you bridge the gap without reinventing the wheel?
4 minutes
21st November, 2023 | Dan Weis

From static reports to remediation: the journey to next-level cybersecurity

Our rigorous penetration test reporting is just the beginning. We understand that for most organisations, the real challenge begins with turning those findings into tangible security improvements. That's why we've introduced an intuitive, interactive Penetration Testing Reporting portal that allows you to seamlessly manage your vulnerabilities in a central location for multiple stakeholders to action accordingly.
5 minutes
20th November, 2023 | Janniek Starren

How Teams proliferation exposes you to security and compliance risks

Remember that cross-functional team that ran the big product launch in 2022? No, neither do I. But it still exists online, complete with sensitive financial documents, third-party access, and private discussions about competitors. Did anyone lock the door on the way out?!?   The recent rush to remote and hybrid work has created a flurry […]
5 minutes

Whitepaper

Expert strategies for tackling 2021’s cyber security norms

nexon-cybersecurity-ebook@1x 1