The rise of mobile in the workplace shows no signs of abating. The trend is largely driven by consumers being used to using mobile devices, from tablets to smartphones, in their everyday lives. People now expect to be able to go online and access tools such as email and social media from their devices. As such, businesses have begun looking at ways to bring mobile into the enterprise.
The potential benefits are vast – enabling employees to work on-the-go, thus improving efficiency and, potentially, revenues. For some industries, mobile can completely revolutionise the working day. Imagine a time when health carers visit people in their homes and access patient records from a smartphone. Or where teachers in largely rural nations such as Nigeria use tablets to communicate in real-time with students in remote areas, where education was previous not a viable option.
Alongside this is the rise in bring your own device (BYOD), which sees employees use a single device for personal and business use. This lets businesses benefit from increased efficiency while cutting expenditure by allowing employees to use their own devices rather than the business paying out.
This potential has got the business world understandably excited, but with that comes concern over data security. For example, if employees can access company data on their mobile, what happens if that device is lost? Could data fall into the wrong hands? What impact could that have? Certainly for organisations such as the NHS or for financial services organisations that hold vast amounts of valuable data, they cannot afford the reputational damage caused if information gets out via a misplaced tablet.
Indeed, despite the benefits of mobile working, 59 per cent of businesses believe it presents a high security risk according to Webroot's 2012 BYOD Mobile Security Study, with 74 per cent of companies specifically concerned about data loss and 70 per cent concerned about mobile malware. Such worries have made it clear that, in order to realise the potential of mobile, a clear mobile device management (MDM) strategy is vital.
Identifying the risks to mitigate against them
The key to mitigating against cyber risks is to identify the issue and ensure policies and technologies are in place in the event that the threat becomes a reality. For example, if an employee loses a device used to access valuable business data, a good MDM or security system will allow the business and/or the user to quickly remotely delete data from the device.
Similarly, malware is a major threat that must be taken into consideration, especially as the amount of mobile malware being launched increases. During the first half of 2012, Webroot saw eight times the amount of mobile malware identified in the first half of 2011. The key to tackling this is to ensure every device is protected as malware develops and adapts.
Modern malware is intricate. Its developers release new variations as quickly as security patches are issued. This means real-time, cloud-based security is vital. Such a system can form the foundations of security in MDM– tracking for and remedying threats before they have a chance to attack that business' devices.
Managing security in enterprise mobility is about taking a layered approach. Firstly, devices should be built with security in mind. Some have functions to separate out corporate and personal data. That kind of feature can act as a first layer of protection. Businesses must then build on this.
Encryption is vital. It is a relatively simple security process that means that, even if devices and ultimately data gets into the wrong hands, only those with the necessary authority can read it. Therefore encryption should be part of any security strategy.
Real-time, cloud-based malware detection and automated remediation is also key. It will ensure devices are safe even as malware evolves. Being cloud-based also means, from a usability perspective, users do not need to manually update the software. Such updates happen in the ‘cloud' and do not impact device performance.
Phishing and spear-phishing are now the cause of the majority of breaches; over 55 per cent according to Webroot's 2012 Web Security Survey, occurring via phishing attacks through users' browsers. Real-time anti-phishing detection, which intercepts web requests and instantly determines whether a site is malicious, offers the best approach to stopping sophisticated and often short-lived attacks.
No organisation can afford to ignore the benefits of mobile but security remains a concern. The reality is, BYOD is not going away. It offers businesses great benefits at a time when the economy is still recovering from the recession and each organisation is looking for ways to improve efficiency and profitability. As such, we need to look at ways of making BYOD a reality – allowing employees to use their own devices and gain the accessibility and usability benefits without compromising data.
In short, the future of enterprise mobility is dependent on how well businesses implement MDM. In order to take advantage of the mobile boom, businesses need to create a layered defence structure – protecting their data from all angles and ensuring employees can make the most of mobile without compromising security.
George Anderson is enterprise product manager at Webroot