The Mobile Workforce: Cybersecurity Challenges and Solutions
Any device, any network, anywhere.
That’s the new security perimeter at your organization. Whether it’s someone checking email over coffee before the morning commute, accessing files on the road, working from home full-time, or anything in between, the fact is that many endpoints are now out-of-office and everywhere.
According to a 2017 Gallup report, 43 percent of employed Americans said they spent at least some time working remotely. As pressure increases for higher organizational efficiency and employee satisfaction, the mobile workforce transformation will only continue. With this change comes more security threats and new solutions to manage them. Below are cybersecurity challenges of the mobile workforce and steps you can take to mitigate risks.
Easier physical access to work devices
Unlike in the traditional workplace environments of yesterday, hardware is no longer just massive PCs stored within the confines of a physically secured building. Work hardware is the laptop one table over in the coffee shop or the phone of the businessman sitting next to you at the airport. This makes devices — with the precious intellectual property and consumer data they contain — more easily lost or stolen.
When a device falls into the hands of an expert attacker, passwords or locks can easily be circumvented, giving malicious actors access to your organization’s files. Remotely wiping a stolen device isn’t foolproof either, as hackers can use forensic data retrieval software to get to files previously stored or accessed by the device owner.
Steps you can take:
Prioritize data access and adopt an asset tracking system.
Establish a security policy that classifies data based on its sensitivity. Then dictate that your highest priority data is never accessed from a mobile phone and that less critical information is only accessed via sanctioned cloud applications with token-based multi-factor authentication in place.
Additionally, adopt an asset tracking system that covers all devices that employees use for accessing work applications, including email. Employees should be instructed to notify your organization when a device is stolen or mothballed so that the security team can ensure that it does not reappear on the organization’s network.
Higher risk of malware entering your organization’s network
With the Bring Your Own Device or “BYOD” policies that inherently power remote work, organizations have less of an ability to protect employee-owned endpoints than with company-owned hardware.
Employees will download a variety of unsanctioned programs and apps onto their devices for personal use and potentially for work-related tasks too. Without thorough vetting of every program by a cybersecurity expert, it’s possible that someone will download an app with harmful malware that can steal data from the device or network. SMS and MMS on mobile phones, as well as social media and personal email use, also provide additional channels for hackers to send malicious links to malware.
Regardless of whether or not the device is company owned, the networks mobile employees use pose risks too. Experienced attackers can easily hack into public Wi-Fi networks and tap into users’ work-related browsing sessions or penetrate organizational email applications.
Steps you can take:
Create a BYOD policy and educate your employees.
The freedom of personal devices comes with greater responsibility to the organization. Create a BYOD Acceptable Use Policy that explains how employees can use their personal devices for work. This policy should include keeping security software up to date, encrypting the device, and a commitment to report lost or stolen hardware.
Additionally, educate your employees with training about how to spot spam emails or malicious links to empower them to protect not only the organization, but their personal security as well.
Reduced control as cloud adoption increases
As the workforce evolution continues, many organizations are moving to cloud-based applications to make work more accessible and efficient for remote employees.
According to Gartner, by 2021, 27% of corporate data traffic will bypass perimeter security and flow directly from mobile devices to cloud applications. This means IT security teams are increasingly relinquishing control over their company data and entrusting it to third-party vendors.
Steps you can take:
Vet your organization’s cloud services and adopt a CASB.
Ensure that your organization only sanctions cloud services that are enterprise-ready and have compliance-driven security standards in place. Talk to your cybersecurity team about using a Cloud Access Security Broker (CASB) or a third-party tool that can add security at the point when employees access cloud-based resources.
Remote employees are less engaged with cybersecurity
Today’s organizational leaders are tasked with keeping remote employees engaged not only in their daily work, but in the organization’s cybersecurity as well.
Many remote employees do not have the knowledge or resources to ensure that their personal devices have the most up-to-date security software and that they’re up to speed on the latest cyber threats.
Additionally, remote employees who do not physically visit an office may feel removed from the organization’s policies and procedures as they relate to security. This can lead employees to disregard security procedures if they negatively impact their ability to work efficiently.
Steps you can take:
Set security policies that are easy for employees to adopt.
Develop policies and procedures that make it easier for employees to take control of their device security. Organizations, for example, can pay for the licensing of preferred security software and offer remote IT assistance with installation during times that are non-intrusive for work or after-hours personal use.
Conclusion: Be flexible like your employees
When employees work so dynamically in a digital environment that’s constantly evolving, it’s important that an organization remain flexible about cybersecurity.
Good security policies balance your organization’s needs with employees’ desire to work conveniently and efficiently, and remain open for change. This communicates to staff that IT is willing to work with employees to adopt new solutions that are win-win for the organization and its team.
This flexibility gives employees a sense of agency regarding their organization’s security, which is more critical than ever now that they control your perimeter.
The formula for balancing cybersecurity and compliance needs with flexibility for mobile workers is different for every organization.