{"id":10247,"date":"2016-06-01T10:55:26","date_gmt":"2016-06-01T15:55:26","guid":{"rendered":"http:\/\/www.mrc-productivity.com\/blog\/?p=10247"},"modified":"2019-05-22T09:26:48","modified_gmt":"2019-05-22T14:26:48","slug":"5-steps-to-protect-your-business-data-in-a-mobile-world","status":"publish","type":"post","link":"https:\/\/www.mrc-productivity.com\/blog\/2016\/06\/5-steps-to-protect-your-business-data-in-a-mobile-world\/","title":{"rendered":"5 steps to protect your business data in a mobile world"},"content":{"rendered":"

\"Education\"Summary: While mobility offers many advantages to the modern business, it brings new security challenges. How can your business protect your sensitive data in a mobile world? How can you maintain security, when you can’t control every device in your organization? In this article, we explore 5 steps you must take to protect your business data in a mobile world.<\/em><\/span>
\n<\/a><\/p>\n

The rise of mobile presents many advantages to the modern business. As mentioned in this article<\/span><\/a>, mobility can improve customer service, retention, internal productivity, and much more.<\/p>\n

But, these advantages come at a cost. The rise of employee-owned mobile devices in the workplace brings new security challenges. Protecting sensitive business data becomes more difficult than ever.<\/p>\n

How much is mobile impacting security? A new study<\/span><\/a> finds that employee\u2019s mobile devices are increasingly the cause of data breaches. In fact, over two-thirds of IT and IT security professionals in the study claim that their organization likely had a data breach as a result of employees accessing company data from their mobile device.<\/p>\n

So, what can you do about this? Can you ban employee-owned mobile devices? Of course not. Mobile is the new reality for businesses. Most businesses can\u2019t possibly stop employees from bringing their own devices into the workplace.<\/p>\n

So, how can you protect your sensitive data in this new, mobile world? Of course, one option involves providing your employees with company-owned devices. If you take this route, you can set up Mobile Device Management (MDM) tools, and control the devices.<\/p>\n

But, this still doesn\u2019t ensure that employees aren\u2019t also using their own mobile devices in the workplace. The question is…how can you protect your mobile data across devices that you can\u2019t control?<\/p>\n

Today, let\u2019s explore this question. Here are 5 steps you must take to protect your business data in a mobile world: <\/p>\n

1. Educate, Educate, Educate<\/h3>\n
\"photo
photo credit: jarmoluk<\/a> via pixabay<\/a> cc<\/a><\/figcaption><\/figure>\n

If we\u2019ve learned anything from recent data breaches, it\u2019s this: Users have awful security habits. How bad are they? To illustrate, I\u2019ve tracked down the list of the 25 most popular passwords from 2015<\/span><\/a>, and have listed just the top 3 below:<\/p>\n

    \n
  1. 123456<\/li>\n
  2. Password<\/li>\n
  3. 12345678<\/li>\n<\/ol>\n

    That\u2019s right. People actually use these passwords to protect their accounts, data, social media profiles, email, etc\u2026<\/p>\n

    Do you really want to assume that users know how to securely use their phones, or protect the data on their devices? Do you think they\u2019ll know to avoid public wifi, phishing emails, malware, or any of the many threats to mobile security?<\/p>\n

    The first step in keeping your data secure in the mobile age is education. Your employees must understand best security practices for their mobile devices. We won\u2019t get into all of them here, but if you want to read more, we\u2019ve outlined 14 security tips for mobile users, in this two-part article (part 1<\/span><\/a>, part 2<\/span><\/a>). <\/p>\n

    2. Implement BYOD policies<\/h3>\n

    It\u2019s the new mobile reality. Employees will bring their own devices into the workplace. They will use those devices for work-related tasks–often without the company\u2019s knowledge. <\/p>\n

    Most of the time, employees aren\u2019t trying to do anything malicious. They\u2019re just trying to get their job done. The problem is, when employees don\u2019t understand what they can (and cannot) do with their personal devices, you put your data at risk.<\/p>\n

    What should you do? As explained below, creating clear BYOD policies is one of the first steps you should take. If you want to avoid accidental security breaches, employees must understand the rules and restrictions of personal devices.<\/p>\n

    \n\u201cCompanies can combat these threats by having BYOD (Bring Your Own Device) policies and Acceptable Use policies for personal assets,\u201d says Christopher Roach, Managing Director and National IT Practice Leader of CBIZ Risk & Advisory<\/span><\/a>. \u201cThis could include the use of application software loaded onto these mobile devices that encrypts data and requires additional measures in order to access company information on the device. The key to protection is two-fold \u2013 both technology and training must be utilized in order to provide the best protection for the company. The company should have the ability to \u201cwipe\u201d the mobile asset remotely if it is loss or stolen, thus reducing or eliminating the risk to the company.\u201d\n<\/p><\/blockquote>\n

    What makes a good BYOD policy? As explained above, BYOD policies include both technology and training. We won’t get into every aspect in this article, but it’s a topic I’ve covered in a previous article, which you can find here<\/span><\/a>. Additionally, if you’d like to learn more about technology to help you manage BYOD, here’s a roundup of solutions over on PCMAG.com<\/span><\/a>.<\/p>\n

    3. Treat the device as a portal<\/h3>\n
    \"photo
    photo credit: BenjaminNelan<\/a> via pixabay<\/a> cc<\/a><\/figcaption><\/figure>\n

    What\u2019s easier: Trying to control data that\u2019s spread across an unknown number of devices, or trying to control data stored in one place? Obviously, controlling a single location is the simplest option.<\/p>\n

    Yet, so many businesses attempt the first approach. Employees store data on their devices, and the business tries to monitor and control each one. <\/p>\n

    The better solution: Store data securely in your database, and make it accessible via mobile web applications. Why? This gives employees access to the data they need, without storing it on the device itself. As explained below, treating the device as a portal (and not a destination) is one of the best ways to protect your data.<\/p>\n

    \n\u201cThe best way to protect data on a mobile device is to not have any data on it in the first place,\u201d says Brian Allison, Senior Account Executive at Innovative Network Computer Solutions<\/span><\/a>. \u201cAs we\u2019ve seen from some of the recent activity with the San Bernardino iPhone and even more recent activity by the LAPD, devices can be hacked and without the manufacturer\u2019s assistance. The assumption needs to be that data outside the four walls of the enterprise is subject to compromise (and yes, inside the four walls it can still be compromised, but the defenses can be better controlled there).<\/p>\n

    Instead, the mobile device, whether tablet or phone, should only be used as a portal to view information. It\u2019s possible to have full rights to the data being viewed, to not only read it but to also make changes to it, but the data itself stays on the server, wherever that may be located. That way, if the device is lost or stolen, it can be shut off in terms of network access at a moment\u2019s notice to make sure the data remains protected.\u201d\n<\/p><\/blockquote>\n

    4. Define what data needs to be protected<\/h3>\n

    Now, if you treat the device as a portal, should you make all of your data available to mobile users? Not at all. One the biggest data security mistakes is making too much data available on mobile devices. <\/p>\n

    Just because you can make it mobile accessible, doesn\u2019t mean you should. The fact is, much of your data should not be accessible on mobile devices. Why? Maybe it\u2019s sensitive data, or maybe making it accessible via mobile devices offers little value.<\/p>\n

    For instance, your salespeople might need product and customer location data available on their smartphones. But, do you need sensitive HR data available outside of the office? Not only is it sensitive data, but offering access via mobile devices provides little value. It\u2019s a high-risk, low-reward option. As explained below, understanding which data needs the most protection is one of the most important steps you can take.<\/p>\n

    \n\u201cDefine what needs to be protected,\u201d says Ali Solehdin, Product Expert at Absolute<\/span><\/a>. \u201cData is a big bucket for most organizations and attempting to protect everything is an expensive and unrealistic approach. For a first step you should determine what data is important and sensitive, where it is located, and who is authorized to access it. Run data audits across all mobile endpoints to determine what data is stored on these devices and align it with the end user to verify that access is warranted.<\/p>\n

    These initial steps will define the scope of the work and allow you to focus your planning and resources only on data that requires a higher level of security. Once this initial work is complete, you can create a mobile data strategy that supports your specific requirements.\u201d\n<\/p><\/blockquote>\n

    5. Use best security practices in development<\/h3>\n

    Now, I realize that this point may seem obvious. After all, don\u2019t businesses already understand the importance of using best security practices in their development? If they\u2019re building web or native applications for use on mobile devices, they certainly would follow best security procedures…right?<\/p>\n

    Surprisingly, it seems the answer is \u201cNo.\u201d Or, if businesses do understand the importance of security, it\u2019s being largely ignored.<\/p>\n

    As mentioned in this article<\/span><\/a>, 86% of applications have serious security issues. What\u2019s worse, over half of applications contain commonly-known vulnerabilities, like Cross-site scripting, SQL Injection, and more. These are threats that businesses have known about for over a decade–yet willingly ignore. <\/p>\n

    Why does this happen? As explained in the article<\/span><\/a>, much of it boils down to priorities. For many businesses, security takes a backseat to development speed. As developers rush to meet deadlines, security often gets glossed over.<\/p>\n

    However, with the added security risks of mobile, businesses cannot afford to ignore security in the mobile development. As explained below, you must follow security standards in any mobile development project.<\/p>\n

    \n\u201cAnyone developing mobile applications should utilize industry accepted security standards and best practices to reduce the risk of compromise,\u201d says Kristen Peed, director of corporate risk management at CBIZ<\/span><\/a>. \u201cFor example, minimum standards should be developed (and trained on) the PCI Mobile Payment Acceptance Security Guidelines, OWASP Mobile Top Ten vulnerabilities and mitigation practices, and incorporate application vulnerability assessment and code review throughout the development process and routinely after deployment.\u201d\n<\/p><\/blockquote>\n

    Summary<\/h3>\n

    These are just 5 mobile security tips for business, but the list could certainly be much longer. If you would like to add anything to this list, I\u2019d love to hear it. Feel free to share in the comments.<\/p>\n","protected":false},"excerpt":{"rendered":"

    Summary: While mobility offers many advantages to the modern business, it brings new security challenges. How can your business protect your sensitive data in a mobile world? How can you maintain security, when you can’t control every device in your organization? In this article, we explore 5 steps you must take to protect your business …<\/p>\n

    5 steps to protect your business data in a mobile world<\/span> Read More »<\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-global-header-display":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","slim_seo":{"title":"5 steps to protect your business data in a mobile world - mrc's Cup of Joe Blog","description":"Summary: While mobility offers many advantages to the modern business, it brings new security challenges. How can your business protect your sensitive data in a"},"footnotes":""},"categories":[8],"tags":[34,71],"class_list":["post-10247","post","type-post","status-publish","format-standard","hentry","category-education","tag-mobile","tag-security"],"_links":{"self":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts\/10247","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/comments?post=10247"}],"version-history":[{"count":8,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts\/10247\/revisions"}],"predecessor-version":[{"id":11786,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts\/10247\/revisions\/11786"}],"wp:attachment":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/media?parent=10247"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/categories?post=10247"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/tags?post=10247"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}