Disclaimer: The views and opinions expressed in this blog are those of the author(s) and may not reflect the official policy or position of Excelsior College. Excelsior makes no claim regarding the suitability of the content for all audiences.
It’s no secret that mobile security is a key issue for businesses in every sector. As mobile devices have become effectively ubiquitous, a growing number of employees now regularly use these tools for work-related purposes. While this bring-your-own-device trend has the potential to significantly improve worker productivity and even job satisfaction, it also creates very serious cybersecurity risks.
Naturally enough, IT and business leaders now recognize these threats and are taking steps to protect their networks and their data. However, as decision-makers move forward with such plans, it is imperative to ensure that cybersecurity policies take into account the user experience. As Dionisio Zumerle recently wrote in Forbes, mobile security strategies that ignore this issue may create more problems than they solve.
“A blanket mobile security policy is not viable in today’s workplace.”
The right balance
In order to achieve mobile security within a business, the most obvious option may seem to be simply forbidding the use of personally owned mobile devices for work-related purposes. As Zumerle asserted, though, such a blanket policy is not viable in today’s workplace. He pointed out that employees are now effectively accustomed to having the option to use a variety of different devices, including both corporate-owned and personal gadgets, to access and use work files. As a result, traditional end point-focused security approaches will fail to truly protect the company and its digital assets – businesses need to recognize the popularity of BYOD and develop new strategies that specifically address this state of affairs.
Essentially, the writer explained that the best way to achieve security in the mobile realm is by offering employees options that are both secure and effective. Addressing security concerns without accounting for the user experience will force employees to choose between complying with corporate rules and convenience for their day-to-day job responsibilities. Many workers will inevitably choose the latter route.
In other words, mobile security policies that do not accommodate employees’ job responsibilities and preference convenience will contribute directly to the rise of shadow IT. Workers will become likely to continue using their mobile devices, including apps they downloaded without the IT team’s permission, all while hiding this behavior from their superiors for fear of reprisal. Not only does this undercut the cybersecurity measures put in place, but it also makes it even less likely that the company’s IT security team would be aware of the extent of the organization’s vulnerabilities in this area. That greatly increases the likelihood that the firm will be targeted by, and succumb to, external cyber attackers.
Developing a plan
The question, then, is how to develop a plan that reflects the ideal balance between mobile security and worker needs and expectations.
This is easier said than done, as many companies’ IT teams have discovered. Ultimately, it is certainly achievable, but only under the right circumstances.
First, the IT team must work closely with end users to determine what type of functionality and freedom is necessary for workers to remain satisfied with their mobile resources. Without this insight, IT decision-makers will be forced to rely on assumptions, which in turn will likely lead to restrictions that employees resent and, eventually, ignore.
Second, IT personnel must take the time to thoroughly educate the workforce in regard to mobile cybersecurity’s importance. Numerous surveys have found that employees tend to underestimate the severity of mobile cyber threats, and many are unaware of the steps they can take to better protect their devices. With the company’s overall cybersecurity in the balance, it is incumbent for the IT team to address these shortcomings throughout the organization.
Are you unsure about how to deal with mobile security in your organization? Knowledge is power and you can learn more about securing your mobile devices by reading our book, Cybersecurity in Our Digital Lives, here. Our cyber experts can help you develop cutting edge policies and tactics to help you deal with this emerging threat.