For example, if a worker accidentally leaves an unsecured corporate-issued smartphone or tablet at a café, the next customer may be able to use the device to access a presentation about a commercial deal at a sensitive stage, or a spreadsheet with lists of customers and their personal details. A person accessing corporate systems over an insecure network may inadvertently be sending in-confidence information to a malicious person who has used malware to ‘listen in’ to communications.
These examples are the tip of the iceberg when it comes to potential risks. The latest Telstra Security Report 2019 goes much deeper.
In the meantime, to help minimise the risk to your business of mobile access to corporate resources, you need to address three questions:
- How am I managing and protecting the mobile devices used to allow workers to access data and applications?
- How am I protecting the confidential and valuable information that can be accessed via mobile devices?
- How am I protecting the information that traverses the internet from mobile (and other) devices to my business?
To protect smartphones and tablets (and the data they hold), device management is key. When reviewing device management products, look for the following features:
- The product includes tools that enable your business to enforce policies such as locking all registered mobile devices with PINs that the user must input to gain access to the device
- It enables administrators to require that certain applications (including antivirus, antispyware and other security software) are installed on the device when it is set up
- The product includes functions that allow administrators to determine the roles and privileges that each remote access user has. This protects sensitive information and minimises the risk of data leakage
- It includes applications that capture and report on how corporate information is used on the remote access device to provide an audit trail and allow the business to comply with regulations and governance rules
- And the product protects data by limiting the ability of employees to cut and paste data from corporate applications into personal systems, or provides access to secure file sharing and syncing
When reviewing products that protect mobile devices, you should look for functionality that enables administrators to remotely lock devices, or wipe devices by deleting data and software they hold.
This ensures that if a smartphone, tablet or laptop is left or lost by a worker, any sensitive information (inlcuding business data and passwords) on the device cannot be accessed.
Deploying an internet VPN can also allow businesses to protect their workers and systems without undertaking labour-intensive activities such as configuring manual systems in each remote office they operate.When determining which internet VPN best suits your business, consider:
- The ease with which the internet VPN can be set up
- Whether the internet VPN allows you to remotely perform configuration changes on demand
- Whether the internet VPN gives you complete end to end control over and visibility of your service from a central location
- Whether the internet VPN enables your remote workers to connect securely to your office network (through a virtual firewall)
- Enables you to set and enforce policies to ensure only authorised traffic enters your private network through a virtual firewall
- Allows you to monitor and prevent staff access to malicious content and inappropriate web sites through web content filtering
*Originally pubished on March 20th 2017. Updated May 21st 2019.