Mobile Security – Finding a Balance between Business and User needs

Taking a risk-based approach has always helped me find the right balance. —Niel Nickolaisen

What is the first thing that you do when you wake up, that is even before you get out of your bed? Yes, that’s right! You check your mobile for Facebook updates, WhatsApp messages, personal and company email, updates from Owler, Salesforce, and the list goes on… and while you are at it, how aware are you about mobile security?

Corporates today boast of employees going mobile with cloud-based apps to access company resources on the go. You can build a team of contractors spread across the globe having access to company servers hosted by third parties worldwide. While this has proven to be a boon for growth and expansion of business on one hand, it comes with a security concern on the other hand for employees, contractors and customers connected via multiple devices and platforms.

How proactive is a company towards its data and system security?

CIOs around the globe are going nuts juggling with the growing complexity of network and technologies, to limitless points our systems are vulnerable to possible attacks. According to Lookout and Ponemon Institute, in an average Global 2000 company, 1,700 out of 53,844 mobile devices are hit by malware infestation at any given point.

In a survey conducted in January 2016, Ponemon Institute reported:

• 43% increase in mobile access to corporate data
• Estimated 50% growth of mobile access by 2018
• 64% organizations are not proactive with security measures
• 63% have no mobile security policies in place
• 35% of respondents reported that there were no measures in place to manage and secure data available on employee’s devices
• 67% of enterprises have experienced mobile data breach
• Cost of malware infection to the tune of $16.3 million per year
• Only 26% of infected devices are investigated
• $26.4 million is the estimated cost of remediation for all infected devices
• Only 16% of security budget is dedicated to mobile security

Corporates can create a secure environment by establishing and implementing some ground rules to protect their data. With company data being spread across several servers and accessible to employees and customers across the globe, corporates need to think outside perimeter based solutions. Corporates need to work on controlling user access by embracing more identity-based solutions.

Today’s volatile IT environment demands an overhaul of traditional approach, and taking actions that help moving towards cultivating the right attitude for developing a strong and secure identity based security game plan. Here’s how to go about it:

• Single sign-in Access

Each new management tool or business app calls for new user database holding access information that is susceptible to external attacks, and even leaves users with additional task to remember credentials. Implementing single sign-in access across various platforms not only eliminates the risk of unauthorized identities, but also makes it easy for the organization to manage their employee and customer access details.

 

• Multi-layered Authentication

Username and password are the only details required by most cloud-based apps. But they provide a thin layer of protection for general data. Critical data related to finance, customer database and company secrets demand more strict access control. Throwing in SMS, email or device authentication into the security mix provides a good balance.

 

• Use and control secured devices

Securing devices that have access to business data is of vital importance. Unsecured devices in wrong hands, will pose a security threat to vital company data. In such a scenario, the IT department should be able to contain the damage, by remotely tracking and controlling the stolen device and wiping off the data.

 

• Access priority control

A system that manages access by employees must be in place at all times, to track current employees and revoke access rights of ex-employees, so as to prevent any unauthorized data breach.

 

• Educate employees

It only takes one careless employee to breach the security system. Creating awareness regarding simple security measures amongst users is of utmost importance. Educate employee about the safe user practices while using their devices to access important company resources. It goes without saying that there is a need to create and cultivate risk-aware culture right from the top ranks of the company to the very bottom level.

 

• Identify loopholes and respond quickly

Company wide security audit is a must to identify loopholes in the system and immediate actions should be taken to curb damage. Isolating incidents of possible security breach and quick response to control the situation is the way to deal intelligently.

 

• Set up line of Defense

Each connected device is a potential risk if not managed proactively. A centralized management should be in place to enforce policies that control device settings and authorize access. Only authorized personnel should be given access to business data.

 

• Prevention is better than cure

Imagine if airplane seats were installed without seatbelts. What will happen when the plane starts to land? The passengers will fall off! This will mean disaster. As the famous saying goes, precaution is always better. So in line with this thought, it is wise to build in a security complaint system right from the beginning to minimize the damage later on and pay high price in the process.

 

• Update and Upgrade

Companies using older outdated software programs are sitting ducks for cyber criminals that swoop in when they smell blood in form of a loophole in the security system. Stay updated with technological changes and upgrade for better security.

 

All steps mentioned above, help companies to stay in tune with technological change, upgrade to higher levels of security designs and keep track of employees and users activities without compromising on security.