Mobile Data Security: Remote Workers Are Significantly Increasing the Risks
Research paints a worrisome picture about mobile data security.
In a 2016 study by mobile security provider Lookout and Ponemon, two-thirds of organizations reported having had a data breach as a result of employees using their mobile devices to access the company’s confidential information.
According to software company Citrix, 61% of employees now work outside the office at least some of the time with the average employee using 3 or more mobile devices daily to work.
By 2018, 70% of professionals will conduct their work on personal smart devices, said Gartner, Inc.
What are mobile workers doing wrong?
Lack of security behavior: In 2014 Cisco research, 46% of employees admitted to transferring files between work and personal computers when working from home. More than 75% of employees do not use a privacy guard when working remotely in a public place; 13% admit sending business email to customers, partners, and co-workers via their personal email at home.
Online habits: Like all employees, mobile workers are susceptible to phishing and social engineering attacks as well as malware, which may be unknowingly downloaded to devices and spread to other devices. Lookout also showed that 56% of data accessible on PCs is also accessible on mobile devices.
WIFI usage: Using public WiFi services may give hackers access to device storage and the corporate data base.
Carelessness: While great for travel, small portable devices are easy to steal and are being left behind in airports, taxicabs and other public places.
Personally owned devices: In Bring-Your-Own-Device (BYOD) environments, mobile devices contain a combination of personal and corporate information. Mobile workers are increasingly using Internet of Things devices too – Gartner predicts that by 2018, 25% of new mobile apps will talk to IoT devices. Hackers are constantly looking to access these devices.
Incorrect disposal: Many people want to upgrade when a new smart phone or other mobile device is released – and they throw away or recycle old equipment. But old and broken down devices contain confidential data.
How can an organization ensure the security of mobile workers?
- Create a mobile security policy based on compliance and risk mitigation, and keep it up-to-date. Mobile security tracker information by Shred-it showed that only 31% of C-suites and 32% of small business owners (SBOs) have information security policies for off-site work environments.
- Provide on-going training. Research has shown that employees who cause security breaches often violate security policies and misuse resources. In training, include how to protect mobile devices at all times and ensure others can’t see screens when working in public places.
- Provide the latest and best device protection including security patches, encryption, and control data back-up. Monitor equipment continuously for malicious files. Encrypt all devices, and activate passwords.
- Consider company-issued equipment as the rule. Minimize sensitive information kept on mobile devices.
- All employees should only connect to trusted networks.
- Make it a policy that employees bring old devices into the office for secure destruction. Clean out storage facilities regularly, and avoid stockpiling.
Keep a close eye on information security in the office by knowing the most vulnerable areas for fraud.