In the BYOD era mobile devices are becoming an increasing presence in the workplace.
Bringing your own device is advantageous in a business sense. Employers and employees can stay constantly connected, and can produce work from anywhere in the world (within reason). The ability to be always on, although perhaps not desirable, is vital in improving business operational efficiency.
On the other hand, the massive, global proliferation of mobile devices has created significant challenges for corporate IT security professionals.
BYOD is not going away, it is a product of the time, but it is has created challenges for IT that must be overcome, or otherwise business will suffer.
A survey of 150 IT professional in North America by NetEnrich has given some insight into the debate of mobile devices in the workplace.
It revealed that corporate IT continues to struggle with how best to protect their organisations from data breaches, viruses and other cyber-security issues brought on by employees using mobile devices.
The survey revealed that 41% of respondents have lost $50,000 – $100,000 over the past three years due to a mobile device security breach or attack.
These cyber invasions into company networks via mobile devices can take many forms. Malware apps and the public cloud being insufficiently secure accounted for the biggest causes of mobile cyber threats.
But springs can be leaked by users simply cutting and pasting data to unsecured or public locations, or mobile devices running older versions of operating systems that are known to have security holes. The range of weaknesses is quite formidable.
“The reality is,” said Raju Chekuri, president and CEO of NetEnrich, “enterprise mobile security is a moving target, for which companies and IT professionals must be adjusting constantly. A policy that works today may not work next year – let alone two to three years from now.”
Another hindrance facing the IT departments comes from the employees. The biggest challenge facing IT pros is simply confirming employees have received and reviewed updated company policies.
Similarly, 55% of respondents said their biggest challenge is convincing employees that following the company’s mobile device protocols is in their best interests.
It is evident an attitude shift must be developed towards mobile security, with a greater emphasis on collaboration and communication regarding the risks and current policies between departments, employees and IT pros.
For those renegade employees who continue to put company data at risk by failing to comply with mobile security policy 48% of survey respondents are advocating stricter penalties for them, if and when their mobile devices are breached.
There are practical solutions to solving the vulnerabilities created by BYOD.
Some organisations can enable single sign-on for enterprise and cloud apps, or integrate multi-factor authentication for access to sensitive apps.
Similarly regular checks and scans on employee mobile devices to ensure they are not running out of date operating systems, or hosting malware can mitigate risk.
“The best approach is for IT to work with partners and vendors who develop modern mobile security solutions and best practices, and who understand both the corporate security and employee user-experience demands of the organisation,” said Chekuri.