Though many organisations are aware of the security risks associated with having company data on employees' mobile devices, few have measures in place to reduce this risk.
So says Doros Hadjizenonos, sales manager for southern Africa at Check Point Software Technologies, who believes mobile devices are going to become essential in most IT-centric organisations - for both businesses and their customers.
According to Hadjizenonos, mobile devices today connect to the business network and store business data, such as e-mails, attachments, documents, contacts, customer information and suchlike.
However, he points out that this data is at risk, and can be exposed to access by unauthorised people relatively easily.
In order to gauge the usage of mobile devices within organisations, ITWeb, in partnership with Check Point Software Technologies, today unveiled the Mobile Security Survey.
“We would also like to find out about the security concerns these organisations have in using mobile devices like smartphones to run their business applications,” says Hadjizenonos.
He explains that anybody who can access a smartphone can also access its data if it is not password-protected. Even devices that are protected can be hacked and their data extracted, he adds.
“Typical users mix business and personal data - such as e-mails and contacts. Many times, users send business data from their personal e-mail addresses. Users can share and view business attachments with any third-party application - such as Dropbox, Evernote, etc.
“This data, which sits in the cloud, can be replicated among many other devices of the user - such scenario may result in sensitive business data that is being duplicated in a fast and transparent manner among many untrusted devices,” Hadjizenonos states.
Regardless of the risks mobiles pose to business, Hadjizenonos maintains that organisations should not stop their employees from using their devices for business.
“Security should not stop the business, but be an enabler. Organisations need to learn how to balance usability and security and allow BYOD [bring your own device] in a way that will allow the user the maximum freedom while securing the connectivity to the business and protecting business data stored on their mobile devices.”
However, he notes that in order to minimise the security risk of losing business data, organisations must adopt a strategy of separating business data from personal data on the device, and protect it.
“They need to provide the users an ability to authenticate to the business data while continuing to work freely on their personal data and personal apps; the ability to encrypt business data, and, eventually, the ability to remote-wipe only the business data if the device gets lost, or an employee stops working for the company, without wiping any personal item or application.”
He also urges organisations to educate staff about the risk of consuming data on untrusted devices, and implement solutions that enforce the organisation's security policy in the most unobtrusive way.
“It is also key that the technology that is chosen to protect the mobile devices should assist in the education process by interacting with the end-user to give simple and meaningful messages and to provide self-remediation.”
Click here to complete the survey.