Enterprise Mobility And Role Of Strict IT Security Policies In Improving Workplace Mobility In An Organization
You're reading Entrepreneur India, an international franchise of Entrepreneur Media.
Enterprise mobility has proven to have increased productivity to a great extent. The modern workforce has recognized its advantages very well. Reduced commuting times and flexible scheduling means that workers can do much more. Workplace mobility also increases employee happiness and productivity. However, with the benefits of employee mobility come several risks, such as increased vulnerability to malicious attacks.
More organizations and individuals have started to consider flexible and remote work options. According to a study that was conducted globally across many countries and various people, it was estimated that 89 per cent of people thought that flexible working had improved their business and productivity in a big way. When a similar study was conducted earlier in 2016, the percentage of people thinking the same was only 68 per cent. In just two years, people’s views started to shift favourably towards flexible work schedules. Such a scenario is no doubt welcome for the benefits it brings, but the emergent security challenges must be addressed. Strict IT policy and guidelines such as company only devices and increased awareness can tackle the new problems that are arising. Mobility programmes that are tailored to deal with security issues also help address concerns.
Enterprise Mobility—The Future
In 2010, the concept of enterprise mobility was taking shape very rapidly. However, the idea saw slow rates of adoption. Experts say that this was because businesses were daunted by security issues and loopholes in IT mobility. A study showed that 67 per cent of employers stated security concerns as one of the main reasons for resisting remote work. An alarming find is that less than a quarter of people can see when their devices are lost, which can lead to potential security breaches.
In the workplace, the IoT allows devices such as smartphones and printers access to the same company networks. Weak security policies can lead to the network being compromised. This fact poses a security issue that was seen with the latest ‘Fancy Bear’ Russian state-sponsored attacks.
Fancy Bear Attack
In a situation where every device connected to the network is vulnerable to an attack, it might seem that there is not much a chief security officer (CSO) can do. However, the situation can be contained because most vulnerabilities that exist are small errors such as weak passwords, etc. It must be remembered that a seemingly unimportant device also warrants attention from the security team. Although IT security focuses on servers and other systems in the network, tools such as printers and scanners are often overlooked. The password for some devices might be elementary to crack and may not be configured. In the Fancy Bear attack, hackers exploited vulnerabilities and targeted tools such as printers that were not secure. The hackers used these IoT devices as a foothold. They then slowly breached more sensitive areas until Microsoft detected the attack.
Microsoft alerted over 1,400 companies that Fancy Bear had comprised them. These ranged from tech, pharmaceutical companies, defense, education and engineering.
Most companies start taking security seriously only when there is an attack or an attempt to hack their network. One of the main reasons that the Fancy Bear hackers were able to gain access into their networks is that they had not updated their system with the latest security patches. Such lapses are a common issue seen with every other organization out there.
Another major talking point about the Fancy Bear attacks is that apart from the lack of security measures taken by the teams, there was widespread negligence or awareness of security protocols. Over the years, we’ve seen many massive cyberattacks that start from a single click on a phishing link sent by email to an employee. Hence, it is the duty of the IT security teams to create awareness among its employees and conduct regular seminars about the necessary security protocols to be followed within the organization. The importance of reporting about phishing emails and attacks must also be known.
Enterprise Mobility Business Planning
Businesses planning for enterprise mobility need to take a two-pronged method to tackle the security threats involved in it. Firstly, a full-force awareness drive needs to be initiated within the organization to ensure everyone is following security protocols outlined by the IT security department. Enterprises can either use apps that support a wide range of devices or issue company devices and avoid the problems of BYOD.
The next strategy that can be adopted is creating security awareness among employees. IT security teams cannot stand guard and protect every system in the organization. The organization can formulate robust security protocols to be followed, but the employees have a collective responsibility towards security. Seminars denoting the potential risks and issues linked to cyber-attacks need to be held.
Enterprise mobility can be both a boon as well as a curse for an organization. If organizations enforce strict guidelines and security policies and create the needed security awareness among their employees, then the concerns holding back adoption of enterprise mobility can be quickly addressed. Enterprises can then start benefitting from the vast benefits of remote work, such as higher productivity and employee retention.
One fact remains that the more sophisticated the mobile enterprise jobs are, the higher the possibilities of threats and attacks become. Enterprises thus need to invest in a separate and dedicated security team to handle enterprise mobility and frame a different set of guidelines regarding the safety and security of mobile devices both inside and outside their premises.