Securing a Mobile Workforce

Mar 15, 2016 10:00:00 AM |

Wesley McGrew

Social Share:

Cyber_Mobile.jpgLast month, our Executive Partner, Joey Havens, announced a new mobile document sharing platform for our organization. With a mantra of fearless unrivaled flexibility, we allow our employees to be more flexible with their work schedules which usually means more mobile as well. This new tool is also vital for our team members traveling on a daily basis. It will allow for greater productivity for mobile employees and allow us to provide our services more efficiently. 

Increased Mobile Cyber Attacks

Just shortly after this decision was made for our organization, Ponemon Institute announced a new study revealing an increase in cyber attacks originating with mobile devices. Obviously, allowing employees to use their own personal devices to access company data opens up new opportunities for cyber attacks. This creates challenges for an organization that seeks to take advantage of the productivity increases seen from mobile work. 

From the perspective of an IT department, mobility and BYOD policies adds an additional layer of complexity. Now, not only are you concerned with your own IT infrastructure, but also concerned for the security of devices that you may never physically see, yet contain your company’s data. The attack surface you have presented to potential attackers just grew tenfold.

So, how does an organization encourage mobile productivity while also maintaining confidentiality? Should we limit the amount of company data a person can see on their device? Should we discourage our employees from being a productive mobile workforce? In an age where we are more connected to our mobile devices than ever before, this simply is not an option. Therefore, I want to share with you what I think are the two most important things in securing your mobile workforce: employee training and mobile device management software.

Employee Training

Information security is not just the responsibility of IT staff. Never underestimate the value of training your employees to protect themselves from cybercrime. Organizations need to educate employees on the risks associated with cybercrime, what actual cyber attacks look like, and how to avoid falling victim.

Hackers prey on the ignorance, oversight and vulnerabilities of your employees.  By informing your staff of the threats, risks, and measures they can take to protect sensitive data, you are empowering them to ‘buy in’ to the fact that they all share responsibility for the security of your organization.

Encourage your employees to take caution and be more aware of malicious attacks. Train them in the common types of phishing scams and cyber attacks that are likely to occur on their devices. Conduct ’fire drills‘ by having your team push out unexpected phishing attacks to see if your training has worked. The key is to impress upon them the importance of their participation.

Mobile Device Management Software

Today, there are numerous mobile device management software options. These software offerings allow organizations to monitor employee devices for malicious attacks. Most include features such as the ability to remotely lock or completely wipe clean a mobile device if it is lost or stolen. This allows for some control of corporate data on devices that are outside the physical control of IT staff. The software ensures that system configuration for encryption, firewalls, and antivirus software meet a set of best-practices for the organization and typically require the user have a passcode to access the device for an added layer of protection.

With the workforce growing more mobile, organizations must provide the tools necessary for employees to be productive while not in the office. It is also the responsibility of the organization to provide vital security tools and training to their employees. 

How are you protecting your mobile workforce? I welcome your comments below.

 

For weekly insights into cybersecurity, please sign up here:

Subscribe to HORNE Cyber Blog

 

COMMENTS

THIS POST WAS WRITTEN BY Wesley McGrew

Wesley serves as the director of cyber operations for HORNE Cyber. Known for his work in offensive information security and cyber operations, Wesley specializes in penetration testing, network vulnerability analysis, exploit development, reverse engineering of malicious software and network traffic analysis.

Find me on: