The fear of potential data breaches keeps many business owners awake at night.
While it has been possible to access work emails and calendars from external locations for several years, evolving mobile technology is now allowing remote access to do so much more, putting businesses at risk.
It is vital to prevent unauthorised access to sensitive business information – and to ensure that technological advances don’t provide hackers with an easy way into your system.
Even if you have all the right technological systems in place, the unpredictable human factor makes data security difficult to control.
What file-sharing systems do your staff use on their various devices? Are their operating systems and anti-virus software up to date? Has someone fallen for the latest spear-phishing scam, putting the whole system at risk?
This challenge is not going away. As technology evolves, so does the security problem.
Thankfully, so too do the solutions. Here is some advice on keeping your business defences in good working order:
1. Develop and communicate your security policy – but don’t rely on it
If you don’t already have a security policy, develop one.
Then educate all of your employees on the risks posed by mobile technology. Make sure the information you communicate is relevant to the needs and roles of the individual employees. You will likely need a different approach when explaining the policy to a sales and marketing team member than to a junior IT graduate.
Education is essential – but it doesn’t eliminate the need for security threat prevention.
Remember, however well you communicate your policy, you simply can’t rely on it alone. You will always experience instances when someone doesn’t absorb the message, or when a spear-phishing link seems too real or compelling to ignore.
2. Utilise the latest security tools
a. Ensure you have a superior end-point product
Cyber criminals are getting smarter and more targeted with their attacks. And who are they most likely to target? Those with access to the most sensitive information.
To combat this risk, businesses need to be one step ahead of the bad guys. The standard, off-the-shelf anti-malware tools will no longer cut it.
A number of next-generation tools are available to help you manage risks to your business. They conduct real-time analysis of software behaviour, automatically stopping any suspicious programs before they can cause damage.
New products are being developed all the time, so it is vital to continually review your end-point security tool kit.
b. Update your perimeter security
Technological advancements mean that your access-point or ‘perimeter’ security policy should be enforced on a user, content and application basis.
- Is someone is trying to download a file from webmail? You can stop this automatically.
- Has Dropbox become an unofficial file-sharing tool? You may identify this as a risk – but the use of Dropbox and other unauthorised file-sharing solutions can be managed through your firewall.
- Before employees are allowed to connect to your virtual private network (VPN), check whether they have the latest patch installed on their devices.
c. Introduce mobile device management
Mobile technology is challenging existing business models and creating complexity. As more devices become available, we will see more of them connected to our networks.
There is nothing you can do to prevent the increasing use of devices, but you can take steps to help secure them.
Reclaim control and proactively push updates to approved devices from a centralised management console. You can blacklist or whitelist particular applications to further manage risk.
d. Consider outsourcing security management
If you feel you don’t have the skills, the time or the resources to manage security yourself, outsource it, and focus on your core tasks and projects.
But be selective when it comes to outsourcing or choosing a partner – you need to work with someone who is across the latest security developments and technologies and is equipped to take on the challenge of evolving mobile technology.
Make sure your partner can manage all the elements of an integrated security policy, end to end.
3. Enforce your policy
Mobile technology is disruptive, and it is evolving, causing headaches for businesses as they seek to combat increasing threats to security.
It is important not to rely on just having and communicating a security policy – you need to actively enforce it.
The tools to do this are continually evolving – the ones outlined above are current best practice, but the latest approaches and tools should always be monitored.
Gordon Hosking is the head of business development at Nexon Asia Pacific, an end-to-end business technology solutions provider.