How to Manage Information Security in a Mobile Workplace

The penetration of mobile technology across a variety of industries has surpassed even the wildest expectations.  According to Gartner, 80% of businesses will support a workforce using tablets in today’s business environment. Smart phones, tablets, and mobile devices are highly appreciated for their flexibility in data input, portability, and ever-present connectivity. These characteristics have basically changed how, where, and when work is done, completely redefining the traditional workplace.

The skyrocketing use of mobile devices among employees has also ushered in new and extraordinary threats to information security. As a result, those organizations that have preventative measures against these risks can enhance employee efficiency and secure a competitive advantage. Within this context, information security refers to protecting both the data storage and data transmission whether it refers to personally identifiable information of employees and customers, corporate data or intellectual property.

Complicating Factors For Information Security

There are many factors that have influenced the implementation of effective information security strategies and policies within an organization. Some of these factors include:

• Diversity of mobile devices as far as divergent operating systems.
• Multiplication of mobile devices and, consequently, difficulty in controlling hardware.
• Use of familiar devices by the employees instead of those offered by the company.
• Frequently upgraded devices to keep up with technology.
• Increase in social networking among employees on their mobile devices.
• Ubiquity of cloud computing.

Security Threats To Mobile Devices

As the number and types of mobile devices increase, so do the attempts to exploit them. Consequently, cyber criminals tend to target mobile devices more than ever before and, unfortunately, with increased efficiency. G Data Security Labs reveals that malware targeting of smart phones and tablets rose by 273% compared to 2011.

Managing Security In A Mobile Workplace

It is true that mobile devices bring substantial hurdles to enterprises. However, these hurdles are not insurmountable, and businesses can still transform information technology to minimize risks for data, networks, and applications while taking advantage of mobility through new governance, support processes, and outstanding IT skills. In order to manage information security in a mobile workplace, businesses should:

• Start by understanding exposure of regulated data, including trade secrets, industrial designs, and patents;
• Be aware of the unique risks that define each business and build a security framework on a platform that caters to those risks;
• Explore how and when employees use technology on and off the job to establish the most appropriate security measures;
• Determine a set of mobile devices that can access the network and prevent the addition of new mobile devices by the employees;
• Create preventive controls to ensure that unproved units cannot access the network;
• Establish the type of corporate information that approved devices can store and also the type of data that can be exchanged between the approved device and the corporate network;
• Determine encryption and authentication security measures to protect data on approved units;
• Establish measures that allow the distinction between corporate and personal information;
• Establish where corporate data is allowed to reside (device, network, cloud, or a combination);
• Assess application and services to determine potential risks so that only approved users can access the network;
• Ensure that cloud and data service providers meet the security requirements;
• Implement mechanisms to enforce the controls and standards.

When a business has finished implementing the proper security strategies and policies, employees need to be made aware and trained in best practices for secure use of mobile devices. Since most technical issues can be overcome through training and knowledge, employee awareness is often the weakest link of mobile security. Employee compliance becomes a crucial element of a successfully implemented security strategy for mobile devices.

About the author: George Hillston is professional freelance writer and passionate information security blogger. To ensure complete security with your business’s confidential information, he recommends Shred-It for all your data destruction needs.