How to manage enterprise mobility and data security risks
Blog: Professional advantage - BPM blog
No one wants to be in the firing line when their business makes headlines for the wrong reasons. Similarly, few employees would enjoy explaining to their boss that they accidentally handed over sensitive data to a competitor. Organisations don’t like it when these things happen any more than employees do. That’s why most have data security measures to stop information ending up in the wrong hands.
But as cyber threats become more frequent and severe, many organisations aren’t doing enough to protect themselves. Over 70 per cent of cyber threats target end users, and the easiest way into a network is usually through an unsecured device like a smartphone.
So what can organisations to do stay protected? You need to understand each of the risk areas and adopt a layered security approach to address them.
Let’s break this down.
Here are my top tips for keeping your data safe and defending your business.
- Protect your information from unauthorised access
Rights Management protects corporate documents by allowing secure access to company resources and enables the safe sharing of documents when they are circulated.
This means that your valuable corporate information is protected with capabilities such as Do Not Forward and Company Confidential, as well as Office 365 Message Encryption, which allows you send encrypted emails to anyone.
This works across multiple workloads such as Exchange, SharePoint and Office documents, and it makes it easier to set restrictions and provide permissions. This first step is the most important, and can be the easiest way to secure documents and emails and manage security risks in your mobility plans.
- Specify an IT mobility security policy and enforce it and use a tool to ensure that devices that access data are secure
The good news is that simple security devices such as keypad locks are often very effective. Given this fact, you’d be surprised by the number of organisations that don’t make keypad locks mandatory for mobile network access.
Set your email policies so that all devices must have locks (i.e. secure passwords, patterns, pins or Touch ID, or even cooler, Windows Hello using facial recognition to sign in to your Windows 10 devices with just a look or a touch) before they are granted access to your network. This will protect you, but it doesn’t offer total protection. it can be less effective on jail-broken IOS devices or rooted Android devices.
If you’re serious about mobility and security, I recommend an enterprise mobility solution. These solutions build data protection directly into mobile applications.
When reviewing enterprise mobility solutions, you should look for one that is compatible with a wide variety of common devices, operating systems, and applications.
Other must-have functionality includes the ability to target specific devices and to remove devices from the system quickly.
It’s important to have a mobility solution that integrates data protection and compliance capabilities and minimises complexity.
Features that support this include:
- wiping or partially wiping a device when an employee leaves an organisation
- secure apps that control how the data is accessed (eg, can not copy and paste into private email)
- access based on compliance (ie, not jail broken, has passcode)
- a self-service business portal for users to enrol their own devices
- bulk enrolment of corporate devices so IT administrators can deploy applications and set rules on a large scale.
These solutions enable workers to access mobile applications from any device while restricting actions that could compromise security, like copy and pasting, saving and printing.
Workers require permissions to access corporate resources and you can control who is enabled to view and email sensitive material.
So what happens if a device is unenrolled, no longer compliant, lost or stolen? IT administrators have the freedom to lock devices, reset passwords, restrict file access, encrypt data or do a selective wipe of an app or data or even a full wipe.
These capabilities provide an invaluable layer of security, minimise risk and maximise the benefits of mobility. Read more about EMS here.
- Use two-factor authentication
An authentication factor is a type of credential used for identity verification. The three most common categories are often described as something you know, like a password, something you have, like an NFC card, and something you are, like biometric data.
Two-factor authentication is when a website or network requires two categories of authentication (ie a password, an SMS, OTP (one time password), phone call or YubiKey) or two instances of the same category (ie two passwords) before it lets you sign in. Each additional authentication factor makes a system more secure.
This can be used to prevent authorised access if a device is lost, and is usually used for remote access.
The downside of two-factor authentication is that you trade added security for a less streamlined user experience. It is not that easy to use a card and then type in a password to access content or to have to type in two passwords. However, the most secure computer is one that is turned off and locked in a safe. While it’s secure it isn’t practical. It is important to implement 2FA where practical.
To minimise streamline issues, you should sort your data into two categories:
- sensitive data that requires two-factor authentication
- less sensitive data that can be accessed by one-factor authentication.
- Encrypt data on company laptops
Trusted Platform Module from Microsoft is something that has been available, and yet I don’t see it implemented very often.It involves a microchip (often built into newer computers) that enables your computer to utilise advanced security features, such as BitLocker Drive Encryption.
The platform can:
- Create encryption keys that can only be decrypted by the same TPM.
- Upon starting, the TPM will check the operating system for conditions that could indicate a security risk, such as disk errors. If detected, it will keep the system partitioned until a password is used.
- Set aside time for employees to update device software and ‘mind the gap’…
While technology plays a large role in successfully implementing an enterprise mobility solution, there is an important human component as well. Workers at every level need education about safe mobile device usage and on how to secure their devices. It’s important they are given time to do this.
Software updates include important security patches, but how often are you tempted to ignore them when other tasks seem more pressing?
Software updates can take some time to install, but it’s worth making the time if it means keeping your devices secure. Everyone in a business is responsible for implementing mobile device security policies, from the very top all the way down.
The risks and challenges of enterprise mobility may seem daunting. Tackling these challenges in a systematic way and with the help of an integrated solution enables the agility, energy and innovation of mobility without compromising the integrity and security of business.
Discover how easy Office 365’s Enterprise Mobility solutions can be integrated into your business Today. Register for one of our Office 365 Up Close and Personal events.
Need an answer about Office 365?
Thank you for your enquiry. We’ll be in touch shortly.
Send us another message
The post How to manage enterprise mobility and data security risks appeared first on blog.pa.com.au.