How to Safeguard Your Mobile Devices Against Security Breaches and Outages
The chance of a privileged-information leak grows with every tablet or mobile phone in circulation. With the rise in work mobility and the upward trend of BYOD, companies are increasingly at risk of security breaches, especially when they’re hit with the unexpected — from lost or stolen employee phones, network viruses, or even hurricanes.
That’s a big reason why “disaster recovery management” is now a growing emphasis for business — not only for outage protection and business continuity, but also to address stricter security needs. Disaster recovery, or DR, is the process, policies, and procedures for recovery or continuation of critical infrastructure after a natural or human-induced “disaster.”
According to industry research compiled by ioSafe, citing reports from Gartner and the International Data Corporation, the cost of business “downtime” can run as high as $90,000 an hour — although only about 35 percent of small and mid-sized companies have a DR plan in place. The same research suggests that close to 70 percent of all successful network attacks come from employees or business insiders.
And though nearly half of CIOs now use iPads for business, many DR plans still only view mobile devices as a means of continuity following a crash. However, tablets and smartphones are increasingly becoming interchangeable with the “real” workstation, meaning more and more data and information is stored on mobile devices, and thus at risk. Companies need to stay a step ahead of that crash or hack or lost smartphone — in fact, Venafi, an enterprise key and certificate management company, predicted that 67,000 phones were likely to be lost or stolen in London during the Olympics, translating to 214 terabytes of “potentially sensitive data.”
A CIO’s mobile DR policy should extend beyond backup, so here are five recommendations for protecting and securing your mobile users:
- Create a quick process for wiping a device: If the wrong person gets his or her hands on a mobile device with access to sensitive data, it could prove disastrous. Most devices can be remotely wiped with an OS self-destruction program (after a few failed logins, for instance), or manufacturer techniques such as Find My iPhone or Windows Mobile 5.0 with Exchange Server 2007. More robust protection can be provided through an MDM system. Choose the one best for your enterprise and test, test, test!
- Establish a clear policy: By creating a checklist for enabling your company’s business devices — and sticking to it — you’ll be more nimble when responding to a disaster. First and foremost is deciding what data and applications are needed on which devices. These can be packaged into bundles for easy issuance (and for quick removal when an employee is leaving). In addition to lessening your IT department’s administrative burden, standardization will help you better identify any suspicious activity, including during central-server authorization.
- Use the desktop virtualization model: By treating mobile devices as remote clients, employees can use their desktop and collaborate while all processes are actually taking place in the main data center. Virtualization’s proven recovery time objective (RTO) offerings can certainly extend to your growing number of work-use devices.
- Set reasonable restrictions: This can potentially save your company a lot of headaches if a device is lost or stolen. For each department, assess which applications and data are essential to working off a tablet or smartphone, and limit all other sensitive information. Your account team may need access to your CRM, but not the sensitive materials on SharePoint.
- Craft a clear employee agreement: Establish ownership of data and processes in the event of a mobile data compromise and communicate this to your employees. As Techworld recently pointed out, things can get tricky with personal and professional data on the same device. Make sure employees are aware that protecting the company may potentially result in the loss of certain files, including all those baby photos.
The most important part of any DR plan is constant testing. After you find the right methods for your company and an acceptable RTO, there’s nothing left to do but try it out in the field.
Image via Cellphone-Expert.com.