Hope for the best, but plan for the worst.
In the final quarter of 2011, Apple sold more than 15 million iPads — a 111 percent increase from the same quarter the previous year. And more than three out of four employees use their mobile devices in the workplace or for work-related activities. With mobile devices growing in prevalence and popularity, a new information security threat that most companies are not equipped to handle has emerged.
Most employers understand the concerns related to mobile device security, but efforts to adequately address these concerns have been sub-par thus far. This is likely because business owners don’t know what they don’t know and, in this case, how should they? This is an entirely new phenomenon that has taken network security by storm. In fact, only 10 percent of employers have a comprehensive mobile security strategy in place.
To mitigate risk associated with mobile devices in the workplace while capitalizing on the significant opportunities, decision makers should take a five-step approach.
Work As a Team
Mobile security doesn’t begin and end with IT. It touches every department within a company and every employee within a department — and it should be addressed accordingly. Legal, financial, operations, HR, IT, and executive leadership need to come together to weigh in on a comprehensive mobile security strategy that is developed with a firm grasp on where all corporate data is and where it’s going.
Assess Where You Stand
Once your team is established, it’s time for a deep dive. A thorough assessment of where data is, how it is being stored, and methods for transportation is a critical prerequisite to any security strategy. Risk assessments are also essential in the evaluation stage.
If It’s Broken, Fix It
The assessment will likely expose several holes in the security infrastructure. It is important to remediate any obvious issues before moving on to the larger hurdles. As a general rule, consult with a trained mobile security professional to assist you in identifying and fixing any leaks. You’ll probably find that the vast majority of these issues are the result of avoidable user error rather than malicious hacker attacks.
Manage, Monitor, & Maintain
Initiate sustainable policies and procedures such as employee training and education, as well as continuous management and monitoring of your security practices. Everything from responsible password practices to mobile device “hygiene” should be reinforced at all levels of the organization. Also, put an acceptable periodic review process in place to ensure that your strategy remains current and complete.
Hope for the best, but plan for the worst.
Unfortunately, even the highest-level security strategies are not 100 percent foolproof — which is why a worst-case scenario disaster recovery plan is key. A good plan accounts for everything from data loss to an inappropriate tweet from an employee. Be sure to include pre-approved, clear internal and external communications that address a wide range of potential scenarios.
Bear in mind that creating and maintaining completely impenetrable mobile security is not a reasonable goal. However, if you design a responsive and responsible strategy based on the above priorities, you can dramatically improve your level of mobile protection and significantly decrease the chances of suffering a truly damaging data loss.
Steve Barone is President & CEO of Creative Breakthroughs, Inc. (CBI), a nationwide leader in IT advisory services and network security with a dedicated mobile security practice. Steve can be reached at firstname.lastname@example.org or through www.cbihome.com.