Shifts such as mobility, the cloud and even workforce composition have created an ever-expanding attack surface that continues to threaten corporate data. There’s a reason that each year we face more data breaches than ever before. It’s now recognized that people are the root cause of most data breaches—as many as 90% of all breaches—and that mobile devices play a growing role in these breaches.
We recently contributed to an article in Business in Vancouver about the risk that mobile devices introduce to enterprise security. The article, which also features a panel of other experts, discusses the importance of holistic approaches to cybersecurity. This kind of approach begins with a proper threat assessment to understand the risks and evaluate how mobile devices are used in the workplace and outside it. Topics discussed include authentication, device management, security policies, monitoring and the challenges of the ‘insider risk’.
Eric Aarrestad, senior vice-president of product management here at Absolute, detailed 5 steps to keep data secure on the endpoint:
- Identify what you’re trying to protect. Engage with leadership and legal teams to determine the information your business considers most sensitive and vulnerable to attack.
- Set up access controls. Ensure your mobile security policy addresses how and by whom this data is accessed. Not everyone needs access to everything. Prioritizing access to sensitive data can immediately remove a large percentage of security risk.
- Schedule regular assessments of your security policy to ensure defined processes and best practices are being properly followed. Negligent employees can be the weakest link in your security infrastructure, so it’s important to engage staff through training and testing so that they understand the potential damage caused by their behaviour.
- Maintain oversight of and connectivity to devices that contain sensitive data. Use this connection to monitor device behaviour and invoke remote security commands as soon as you detect suspicious activity. By maintaining a two-way connection with each device, you can determine the details of an event and respond appropriately. Provide IT with a range of options, from non-invasive techniques such as user messaging and device freeze through to permanently disabling a device and deleting all of the data it contains.
- Use your network. Share best practices with your peers, learn from each other’s mistakes and develop your security policy based on these lessons.
Our own survey, IT Confidential: The State of Security Confidence, reveals that even those tasked with protecting data are putting it at risk. It’s clear that moving forward requires not just a mobile security policy but also adaptive security protocols, a deeper understanding of insider risk and how to prevent and monitor for it, and greater visibility on the endpoint.
Here at Absolute, we help organizations gain visibility into the endpoint, providing them with a reliable two-way connection so they can monitor, assess and respond, regardless of user or location. We go beyond just visibility, giving you the tools you need to respond to security incidents and prove compliance in an audit report.