Allot Communications recently found that mobile business users have the highest chance of incurring malware. This confirms what we at Appthority know to be a significant source of risk for enterprises – mobile devices and apps. Allot’s study found that 79% of businessmen and 67% of businesswomen use risky apps every day, making them and their organizations vulnerable to malware and a host of other mobile risks.
Securing employee devices is a growing challenge for enterprise security pros and one that often clashes with the efforts of mobility teams to increase employee productivity via mobile devices and apps. Here are four tips to reduce mobile risk and engage employees in making their data and their companies safer:
- Create a security policy for managing mobile use. Most organizations already have policies for other platforms, such as managing firewalls and sharing data with partners. It’s equally important to create a security policy for mobile. Also important is having technology in place to monitor and manage mobile use. Visibility into the apps employees are using and what those apps are doing requires a real-time, dynamic application inventory for devices running in the workplace. From there, security teams can establish policies that govern what data employees can access and how they communicate. A starting point is to determine which apps are trusted by the organization and which are not. Is it okay to send mobile data abroad? Can employees use apps that store data in the cloud? Creating mobile-specific policies and enforcing them is critical.
- Educate employees about the risks of the apps they download. Mobile users have a direct impact on the overall security posture of an organization because they decide which apps to install and bring into their work’s mobile ecosystem. It’s in IT’s best interest to empower users by arming them with tools and training to make better decisions about the apps they download. One option is to provide employees with a security tool that allows them to investigate apps before they install them to make sure they’re secure and will not put data at risk. In essence, IT needs to help employees be safer and more productive by making them part of the solution—not just part of the problem. Employees often have not thought about their role in securing corporate or personal data and can better appreciate it once they have more information. As employees learn to protect their own personal data, they are simultaneously improving corporate security.
- Be judicious in applying blacklist policies. Companies should not simply blacklist app categories outright because there are risks associated with the apps. Employees will use the apps they feel make them most productive, and they’ll do so surreptitiously. If there is a particular file-sharing app you don’t want employees to use, for example, make sure to offer an alternative app that they can use and tell them why you have blacklisted others. Otherwise employees will not understand the security risks associated with what they perceive as a more convenient choice and will find ways to use risky apps anyway.
- Make sure to vet apps you recommend to employees. Enterprises need to be mindful of the apps that employees bring into the organization but also need to review the apps the company chooses to share or recommend to employees. If you’re recommending that everyone use a particular CRM app or collaboration app, make sure you have properly analyzed the app for security risks and that it complies with your corporate security policies. Vulnerabilities in an app the company recommends will populate to the every employee’s device using that app, putting your organization at extreme risk.
Mobile phones are now a rich data target for hackers and immediate action is required. As your organization grows more mobile, you must more actively defend against mobile threats. Instituting mobile security policies and encouraging sound security habits will help keep your employees’s data safe while protecting your organization from an embarrassing and costly breach.