Your Company’s Next Security Risk? It’s Not Where You Think

We’ve all heard the stories. An engineer leaves the latest and greatest gadget in a bar, open for any and all prying eyes to see. An executive rushes out of a meeting to grab an important phone call, leaving behind an open tablet with important, sensitive documents that only a few in the company have clearance to see.

Or a busy member of the sales team, rushing to and from customer meetings all day only to return home and realize he’s lost his smartphone somewhere along the way – along with all the company’s important sales figures outlined in the presentation for Monday’s meeting.

Not convinced? Every day there are more than 200 phones left in New York City cabs—that’s 73,000 devices a year in New York City alone. Left in a cab, at a bar, or even just out in the open for prying eyes—whatever the reason, a compromised device connected to the network represents a huge security threat.

Ignoring or trying to prevent the “Bring Your Own Device” (BYOD) trend is not a realistic option. Even employees with the best of intentions will find unsafe, unsecure workarounds or use unreliable consumer cloud-based solutions. A mobile device is not secure simply because it is corporate issued. When a device is compromised, be it corporate issued or personally owned, the threat is the same.

So, what can enterprises do to guard against, and be prepared for, this unpredictable and unintentional type of security threat?

1. Communicate corporate policies

What is your organization’s policy when it comes to using mobile devices on the network? Will the company issue devices for its employees to use? If employees use their personal devices for work, will the IT department provide support for those devices should any issues arise? These are just some of the questions IT managers and company leaders need to answer, and make clear, to employees.

2. Have a plan in place for lost, stolen, or compromised devices

If a mobile device connected to the work network is lost, stolen, or otherwise compromised, having a protocol already in place will minimize the threat. Consider how your employees will report a lost or compromised device. For example, set up an IT hotline so employees know what to do if their device is lost or compromised. This way, IT can more quickly and efficiently eliminate any problems that might arise as a result.

3. Maintain corporate control

Enterprise-grade mobile file management software solutions exist to keep corporate data secure on a number of mobile devices. Solutions that allow IT to remotely wipe select data and files from lost devices and to block specific users can be immensely effective for quickly and easily eliminating the threat posed by lost, stolen, and compromised devices.

4. Keep it simple

If the organization does decide to incorporate a software solution as part of a mobile security policy, simplicity for end users—the employees—is crucial. If solutions are not user friendly and are hard for employees to use, there are many consumer-grade (and thus, unsecure) solutions to which they will resort. Enterprise software solutions are useless in eliminating the risks posed by compromised devices if employees still opt to use unsecure cloud services. The only way to prevent this is to offer enterprise solutions that are just as easy—if not easier—to use as consumer-grade, cloud-based services.

5. Create a collaborative, solution-focused environment

Support for mobile devices on the network should go beyond risk management and cracking down on “rogue” hardware issues. After all, there are a great many benefits to be had as well from using mobile devices in the enterprise (increased employee productivity, for example). Make sure employees know where they can go for support for all things related to mobile devices—not just when something bad happens.

Along with this, while a compromised device is never a good thing, humans are, well, human. Devices will inevitably get left behind and lost. However, it’s important to create a collaborative environment where employees know what to do when a device has been compromised and feel comfortable communicating that to the appropriate IT contact.

When it comes to mobile devices used in the enterprise, keep your solutions simple for end users, but make sure they provide enterprise-grade security. This combination of simplicity and security will unlock and enable the true functionality of BYOD and mobile devices used across the enterprise.

Anders Lofgren is Director of Product Management, Mobility at GroupLogic, an Acronis company. He oversaw the launch of GroupLogic's mobilEcho, award-winning mobile file management software, in 2011.