Mobile computing continues to grow in popularity. The ability to get information from anywhere is the industry standard.
Consequently, today’s workforce is increasingly mobile. Using mobile devices to accomplish work-related tasks is acceptable and common for many employees.
Security Issues with Mobile Computing
While cloud servers and mobile computing offer convenience for companies, they also bring additional security concerns. When companies make mobile services available to workers, they sometimes overlook basic security precautions and make the following assumptions:
- Mobile devices will be reported lost or stolen immediately.
- Users have an understanding of sensitive data.
- Sensitive data is classified appropriately.
- Employees have a firm understanding of mobile computing’s risks.
Employees Slow to Report Loss/Theft of Company’s Mobile Devices
Technology is available to manage mobile devices and erase company data from them when necessary. However, studies show that once a user misplaces a personal phone or tablet, it takes up to 48 hours before the user reports the device as lost or stolen.
The time for reporting company-owned mobile devices is almost three times that of personal loss reporting. Employees may not use these devices often or they may fear possible financial consequences for misplacing the mobile device.
Company Data on Mobile Devices Requires Better Protection
Keeping track of mobile devices can be difficult. But it is also essential to know what information should go on mobile devices and what should not.
All industries have information they must keep private. Ideally, organizations should provide some reasonable checkpoints to ensure that mobile devices are available to users without being intrusive.
It is critical for employees to understand that data on a mobile is easily compromised, possibly subjecting the organization to costly litigation. Sensitive data such as Social Security numbers and other personally identifiable information (PII) is not always easy to classify as sensitive.
For example, sales calls might be confidential. But data from an electronic check-in system can prove sensitive in places such as patient care facilities.
Failure to Classify Sensitive Data Increases User Errors
Data classification is a serious undertaking. In most cases, classification does not take place before or while users move data to the cloud.
Without a prior classification of data, users make assumptions about what mobile device data is sensitive. A failure to classify data creates opportunities for error by company employees.
Organizations that attempt to classify data as a reactionary exercise find that data is often mis-categorized or improperly identified. As a result, they are more vulnerable to data breaches and the loss of company integrity.
Employee Training Is Inexpensive Way to Mitigate Security Risks
While there are many ways to mitigate the security risks posed by mobile devices and their use, user training is the least expensive and often overlooked solution. Organizations must make data security a shared responsibility. They should implement policies and procedures that minimize exposure and risk.
For example, many companies have a common policy that requires mobile devices to be reported missing within 24 hours. But there should also be a procedure to lock down the phone remotely, as opposed to rendering all data on the phone useless for at least 48 hours.
Security mishaps should not be subject mobile device users to punishment. Instead, any mistakes should be learning opportunities to correct and refine security policies and procedures.
Ways to Enhance Cybersecurity Training and Avoid Data Breaches
By reducing reprisals and encouraging employees to report mishaps promptly, companies could reduce data breaches from lost or stolen mobile devices. Companies could also offer more cybersecurity training and education.
Cybersecurity training for users should not be just an acknowledgement of basic information. It should also use interactive exercises that really display the dangers of compromised data.
Lastly, organizations should ensure that all users understand and acknowledge the risks associated with the freedom coming from mobile computing. Every employee needs to know both the tangible and intangible costs of mobile convenience in order to protect company information.