This trend has been driven by enhancements to mobile connectivity, the rise of cloud-based applications, and the changing expectations & demand of employees. Fundamentally, the workplace is no longer a location, but an abstract concept.
A successful mobile workforce strategy boosts productivity and increases employee satisfaction – both of which can have a direct impact on an organisation’s bottom line.
The security challenges
But the mobile workforce introduces entirely new security considerations. Securing an IT environment used to be comparatively simple, with perimeter defences such as firewalls used to protect a local network, and admins able to secure static PCs with routine patches and antivirus software.
The mobile workforce requires IT departments to ensure devices, applications and data are protected wherever they might be physically located. An increased number of devices within an IT environment also increases the exposure to a cyberattack.
Exacerbating the issue is; employees are often using their own devices to access corporate data and applications, whether it’s their home PC or their own smartphone as part of a Bring Your Own Device (BYOD) strategy.
An attack can have a devastating impact on productivity, business continuity and reputation, while the loss of customer or corporate data has serious reputational and financial consequences. The introduction of the EU’s General Data Protection Regulations (GDPR) requires organisations to take every practical step possible to protect such information.
Failure to comply with GDPR could result in huge fines of up to 4% of global turnover of €20 million (whichever is greater).
But there is no turning back the clock. Employees will no longer tolerate working practices they don’t agree with, nor will they use tools they don’t want to. With Digital Transformation promising new revenue streams and cost efficiencies, it’s not in an organisation’s interest to put up barriers.
Securing the mobile workforce is a challenge, but it is not impossible thanks to a number of technologies that mitigate these threats and ensure your organisation maximises the benefits of flexible working.
Before the smartphone became an essential tool for everyday life, it was common for organisations to issue company phones to employees who often had no choice of handset and were subject to severe restrictions. Such an approach is unfeasible in the era of Digital Transformation.
Cross-platform Mobile Device Management (MDM) solutions such as BlackBerry Enterprise Service (BES) and Microsoft InTune make it possible to separate personal and corporate applications and data, allowing people to enjoy the applications they love without putting sensitive information at risk.
Laptops, smartphones and tablets are enrolled into the user network, bringing them under the control of IT. Combined with other measures such as Single Sign On (SSO), MDM protects corporate assets and makes the experience as easy as possible for the user.
MDM platforms roll out security updates to devices under the IT department’s control, encrypt data, and ensure that a PIN code or password is required to access the handset. Then if a device is lost or stolen, it can be remotely wiped.
But it’s not just cybercriminals and phone thieves you have to account for, it’s the workforce themselves. Shadow IT, the use of unapproved, unmanaged applications for work purposes, raises the prospect of corporate data leaving a secure environment.
MDM platforms and applications like Microsoft Office 365 employ Data Loss Prevention (DLP) to stop users sharing data with unauthorised recipients, devices or applications, and if a device is lost or stolen, it can be remotely wiped.
1) What if a device is left on a train or stolen from a restaurant table?
If a laptop, smartphone or tablet has been enrolled via an MDM platform then admins should have set a policy requiring users to set a passcode. Aside from this frontline defence, all data should be encrypted, and the device can be remotely wiped using a control panel.
2) What if an employee tries to share sensitive data with a friend on Facebook?
Data Loss Prevention (DLP) functions range from something simple like a warning in Outlook telling users they are sharing data outside their network, to complex solutions that prevent or identify leaks. MDM prevents the spread of corporate data to unapproved devices, users or applications while network-based DLP monitors traffic to detect loss or suspicious activity. PC-based DLP can detect events such as unauthorised emails, document printing or file sharing via physical storage.
3) What if an employee is using a public Wi-Fi network?
Working in a coffee shop might afford employees some respite from the hustle and bustle from the office, but it also takes them away from the security afforded by the corporate network.
Public Wi-Fi exposes users to the threat of snooping, Man-in-the-Middle (MitM) and malware. A Virtual Private Network (VPN) mitigates this by maintaining the same standards as a corporate network and by encrypting traffic.
Alternatively, employees can use cellular networks. They can tether their laptop to their smartphone, use a 4G-enabled tablet or even investigate a Windows-on-Snapdragon PC with an embedded SIM.