Cybersecurity should no longer just be an afterthought in the workplace, but trying to find easy-to-implement solutions can be intensely difficult for decision makers. As we’ve seen ransomware attacks increase in volume and complexity, it’s no longer just PCs and laptops that face constant security headaches.
A major concern in the mobile world these days is the intrusiveness of mobile apps, which sometimes require a startling number of permissions, including: a user’s contact list, location, and other personal information. (Next time you install an app on your smartphone or tablet, take note of the permissions that are either requested or required before the app will run.)
Consumers have called into question how much data mobile apps need access to, and these same permissions can wreak havoc in the workplace. There is a constant need for proper manageability and updates for mobile apps in the workplace, so chief information security officers (CISOs) need to be sure they are able to fast track security updates while managing mobile devices containing company data.
Mobile devices tend to be the weak link in your office’s security chain, and have now evolved
into the biggest vulnerability faced by companies, according to the CheckPoint Software Technologies IT security firm. There is concern that employees could infect their mobile device by using an unknown Wi-Fi hotspot, then head into the office and spread the infection once connected to company infrastructure.
Becoming proactive when it comes to cybersecurity is a necessity, but as more smartphones and tablets enter the workplace, trying to keep devices secure takes on an even more confusing complexity.
Here is what Dionisio Zumerle, research director at Gartner, said (via press release):
“What has changed is the severity of the consequences. Mobile devices are now storing and accessing more-sensitive data. In healthcare, for example, an increasing number of physicians are using tablets to process sensitive data about their patients. In finance, brokers are using their smartphones to exchange sensitive information. In these scenarios, a device that falls in the wrong hands and does not have adequate protection can be the source of a major data breach.”
For IT leaders and decision makers, there are a few basic precautions that must be considered while implementing cybersecurity protocols (via Gartner):
- Require basic enterprise security policies. Define device passcodes including length and complexity as well as retry and timeout standards.
- Specify the minimum and maximum versions allowed of platforms and OSes. Disallow models that cannot be updated or supported.
- Ban jailbreaking and rooting, and restrict the use of unapproved third-party app stores. Require apps to be signed. [Jailbreaking is when a user removes restrictions on the device so they are able to install unauthorized software or make similar changes once digital rights management (DRM) security is removed.
There are no easy answers into how businesses should keep devices secure in the workplace. Appropriate security protocols cannot be created, implemented, and simply forgotten about – but investing time and resources can prove invaluable later down the road, when malware infections, hijacked devices, and other cybersecurity headaches are avoided.
Companies must be proactive in teaching employees about proper security practices, in an effort to reduce personal infections – and pointing out vulnerabilities regarding mobile apps is often forgotten – but proper education could help stop a potential problem before it starts.
