For example, if a worker accidentally leaves an unsecured corporate-issued smartphone or tablet at a café, the next customer may be able to use the device to access a presentation about a commercial deal at a sensitive stage, or a spreadsheet with lists of customers and their personal details. A person accessing corporate systems over an insecure network may inadvertently be sending in-confidence information to a malicious person who has used malware to ‘listen in’ to communications.
To help minimise the risk to your business of mobile access to corporate resources, you need to address three questions:
- How am I managing and protecting the mobile devices used to allow workers to access corporate data and applications?
- How am I protecting the corporate/confidential information that can be accessed via mobile devices?
- How am I protecting the corporate/confidential information that traverses the internet from mobile (and other) devices to my business?
To protect the smartphones and tablets (and the data they hold) used to access corporate resources, device management is key. When reviewing device management products, look for the following features:
- The product includes tools that enable your business to enforce policies such as locking all registered mobile devices with PINs that the user must then input to gain access to the device and its functions
- The product enables administrators to require that certain applications (including antivirus, antispyware and other security software) are installed on the device when it is set up
- The product includes functions that allow administrators to determine the roles and privileges that each remote access user has. This protects sensitive information and minimises the risk of data leakage
- The product includes applications that capture and report on how corporate information is used on the remote access device to provide an audit trail and allow the business to comply with regulations and governance rules
- The product protects data by limiting the ability of employees to cut and paste data from corporate applications into personal systems, or provides access to secure file sharing and syncing
When reviewing products that protect mobile devices, you should look for functionality that enables administrators to remotely lock devices, or wipe devices by deleting data and software they hold.
This ensures that anyone who picks up a smartphone, tablet or laptop left by a worker on a train, in a café or any other location cannot access any sensitive information (including business data and passwords) on the device.
Businesses also need to consider is how to protect information as it flows between workers’ computers, phones and tablets, and corporate systems. By implementing an internet VPN that provides a secure ‘tunnel’ for information to travel between devices and corporate systems, businesses can stop unauthorised (and potentially malicious) people viewing and potentially stealing or otherwise interfering with that data.
Deploying an internet VPN can also allow businesses to protect their workers and systems without undertaking labour-intensive activities such as configuring manual systems in each remote office they operate.
When determining which internet VPN best suits your business, consider:
- The ease with which the internet VPN can be set up
- Whether the internet VPN allows you to remotely perform configuration changes on demand
- Whether the internet VPN gives you complete end to end control over and visibility of your service from a central location
- Whether the internet VPN enables your remote workers to connect securely to your office network (through a virtual firewall)
- Enables you to set and enforce policies to ensure only authorised traffic enters your private network through a virtual firewall
- Allows you to monitor and prevent staff access to malicious content and inappropriate web sites through web content filtering
Enabling remote access through mobile devices can deliver a range of benefits to small-medium businesses. However, these can only be achieved by businesses that are prepared to secure the devices, people, information and networks involved in the process.