Get mobile on device infosec policy

Powered by SC Magazine
 

Trial your mobile policies with users to guage acceptance.

Mobile devices like smartphones and tablets are quickly becoming an essential item for many Australian professionals, but there’s a high price for this convenience.

The proliferation of employee-owned mobile devices in the workplace has significantly heightened the security risk for enterprises, putting corporate data at risk.

Recent Australian Bureau of Statistics figures state there were 8.2 million mobile handset subscribers in December 2010, up from 6.7 million in June.

Gartner said more than 5.7 million smartphones are forecast to be sold this year, compared to 4.4 million last year,  and will exceed 9.6 million in 2014.

By 2015, nine in 10 mobile phone users in Australia will own a smartphone.

But before the immense popularity of mobile devices, organisations standardised enterprise mobility on a single mobile platform which were provided to a select number of employees.

However, now an increasing number of employees own personal mobile devices and want to use them for work purposes, particularly as the boundaries blur between work and home life.

Work gets personal

Practically speaking, it is very difficult to prevent employees from using their personal mobile devices for business purposes.

You need a clearly documented and enforceable mobile security policy.

Organisations should start planning on the broad security measures they want to put in place over time, not when problems arise.

You need to consider the areas of access control, data protection and malware prevention:

Access control: Requiring authentication such as a password or even voice detection/fingerprint should be implemented. Unfortunately, these approaches can also make it more difficult for the device owner and may lead to user dissatisfaction.

Malware Prevention: Security suite software runs on the mobile device, scanning for malware and viruses, and is regularly updated as new threats arise. Even applications from pre-approved vendors like the Apple App Store are not immune from malware. 

Data protection: Encrypting the data on mobile devices can provide an additional level of security. Wiping data from a lost or compromised device is recommended practice, however the large amount of personal information that is also lost could be perceived as an invasion of privacy by the end user. Today there are few robust solutions available to adequately separate access to personal and work data, although this is likely to be an area of focus for a number of vendors in the space.

The approach to adopting a mobile security policy depends on what’s driving the organisation. If a company is under pressure from senior people to deliver a quick solution for mobile device use in the workplace, a remedy would be to use an outsourcer to address the issue while policies and procedures are being defined internally.

Alternatively, an organisation could trial a pilot program with a small group of users while they define their mobile security strategy.

Finally, if an organisation wishes to manage the mobile devices itself, we would suggest that they utilise technology that can manage the range of devices people use to interact with the corporations: desktops, laptops, mobile devices and BYO devices.

This would enable the company to have a complete view of their assets (those owned by both employees and the corporation) and act swiftly in the event of a compromised mobile device.

Just the beginning

While the threat of malware on PCs is very real, the threat of mobile devices is just beginning to emerge as they become more popular.

During the next five years, use of smart devices will explode. There will be two billion smart mobile devices in the hands of consumers and business users by 2015. Furthermore, they’ll be using 15 times more mobile apps and services, as well as spending four times more on mobile transactions.

Although the number of smart devices within an organisation may be relatively small at the moment, now is a good opportunity to plan for the next five years.

As your mobile enterprise continues to expand and devices grow more robust, your security risks increase. But with careful preparation, you can leverage the latest tools and expertise to help protect your highly valuable corporate assets.

 It’s clear there is a lot to be excited about with smart mobile devices. This new group of handhelds promises to increase productivity while giving employees greater flexibility. That’s a winning formula for both employees and their businesses.

Copyright © SC Magazine, Australia


Get mobile on device infosec policy
Tags
 
 
 
Top Stories
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
 
Photos: Unboxing the Magnus supercomputer
Pawsey's biggest beast slots into place.
 
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Pass on carbon tax savings, warns ACCC
Jul 24, 2014
The ACCC is warning businesses that supply "regulated goods" to pass on any cost savings ...
Have customers that won't pay debts?
Jul 10, 2014
The ACCC and ASIC have updated their advice when it comes to collecting debts.
Carpet cleaner faces court over online testimonials
Jul 4, 2014
The ACCC has initiated proceedings against A Whistle (1979) Pty Ltd, the franchisor of Electrodry...
You can now get 15GB of free online storage using Microsoft OneDrive
Jun 25, 2014
Cloud storage has reached both the capacity and price where it's a viable alternative to local ...
Another clever trick you can perform with Xero
Jun 25, 2014
Here is another way to reach out to particular subsets of your customers using Xero.
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  29%
 
Application integration concerns
  3%
 
Security and compliance concerns
  28%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  21%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 1097

Vote