Mobile. Work from home. Bring your own device (BYOD). These are all symptoms of a changing workplace that complicates your data security strategy. As employee expectations about work—and how it’s done—shift, it’s up to IT to make sure their hip office culture doesn’t cost them a data breach.
Transitioning to a mobile-centric workforce is a necessity. Today, 81 percent of employees feel positively about being able to work from anywhere in the world, while 49 percent expect it. While it’s clear that we’re in the midst of a seismic shift away from cubicles and landlines, the roots of this change are a little more complex.
Why talent is calling the shots in today’s workplace
The consumerization of IT has shifted IT into the personal sphere. Today, enterprise technologies are mimicking the UX of personal technologies. As baby boomers retire and millennials enter leadership positions, we’re seeing a shift as the workplace transitions to a generation of digital natives that values work-life balance. Finally, the persistent talent shortage in tech has caused organizations to create more inviting workplace cultures and tap into the contractor economy in a bid to fill empty seats.
For business leaders, there’s pressure from all sides to create a workplace culture that’s open, relaxed, and mobile-enabled. It’s up to IT leaders to work closely with them to mitigate data security risks without sacrificing employee mobility.
Staying sane while balancing security and mobility
Mobility at work certainly carries benefits, like boosting productivity, flexibility, employee happiness, recruitment, retention, and a host of other important business metrics. However, as CIO’s Ed Tittel points out, mobility can also dramatically increase your total vulnerabilities, or “attack surface.” Here’s how real IT leaders are finding balance—without becoming a target or irritating their entire workforce:
1. Ban BYOD
For some tech leaders, banning BYOD is a hard line. While results can vary, and there are large organizations using BYOD successfully, BYOD probably isn’t as “cheap” as it sounds once security breaches happen as a result.
In 2015, a CompTIA survey revealed that more than half (53 percent) of CIOs reported that they banned BYOD to simplify mobile management and mitigate risks. Fortunately, there are better options than mass-issued BlackBerries. Blogger Tori Sutton points to company-owned, personally-enabled (COPE) or choose-your-own-device (CYOD) as two possible happy mediums.
2. Do the basics
Malware and malicious hot spots are the two most common culprits at the 21 percent of organizations that have suffered a data breach. While this statistic is horrifying, the upside is that effective mobile device management (MDM) and basic security protocols can help.
IT departments need to work to develop processes, tools, and methods for efficient security in a mobile workplace. Your policy should include:
- Regular anti-malware updates
- Use of a VPN for cloud access
- Two-factor authentication for all devices
- Penetration testing
IT pros can cover these bases without an impact on end-user experience, but they may need to sell the “necessity” to fellow members of the company board. There is hope—35 percent of your peers have already won the right to add more security resources to cover mobile.
3. Consider a Pokémon Go-free workplace
Citing risks to data security, intellectual property, and employee accidents, Boeing has recently joined the ranks of companies that have banned the popular Pokémon Go app from employer-owned mobile devices and the workplace. Does your company need to take such drastic measures? And would a ban on third-party content on corporate mobile devices lead to mass revolt?
There’s no easy answer to whether Charmander-catching should have a place at your organization. Your peers in HR may argue that a total ban on third-party apps could devastate employee morale or even productivity, and they could be right. Geico and Zoosk are just two brands that keep talent happy by openly encouraging employees to have fun at work. The solution could be a partial ban on apps deemed a significant risk to safety and security, and the use of containerization technologies to permit a little Facebook use on the clock. By enabling secure mobile containers, IT can apply unified policies to company-owned or managed mobile devices.
Creating a balanced data security strategy for the mobile workforce in 2016 is enough to keep IT leaders awake at night. To make things even more complex, it’s unlikely that the approach that works for one tech startup will be wise—or compliant—for its counterpart in health care.
Risk acceptance, company culture, and the opinions of leadership are all factors IT pros should weigh when developing a mobile policy that doesn’t win them too many enemies. By minimizing your attack surface, securing enough resources to cover the basics, and drawing a few hard lines, you can significantly improve your security.