Organizations with mobile workforces face serious challenges when it comes to their overall cybersecurity posture. As more users leverage laptops, tablets, smartphones and other portable devices, security risks begin to increase in three areas which can be simply categorized as:
Looking at the risk of “what users bring in to the environment”, companies must deal with devices being attached to their corporate networks which have also connected to a user’s home network, public Wi-Fi hotspots and any number of other unsecured networks. These systems are likely not as well protected as those governed by enterprise-class endpoint security tools, and thus, run a much larger risk of being infected with malware, viruses, ransomware, worms and other malicious programs used by attackers. When a user’s compromised device is connected to a corporate network, it introduces the potential for these malicious tools to launch more attacks against the other devices on the network, or serve as a point of entry for a cybercriminal to the network, bypassing all perimeter defenses. There are many strategies that can be employed to defend against this sort of problem, including, but not limited to:
As for “what users take out of the environment”, trying to keep classified or critical, proprietary data safe is a primary need of any organization, regardless of their vertical. Intellectual property theft is a very real problem for almost any organization, and even in areas where it may not seem as obvious. Take universities and other organizations in academia, where research papers and doctoral theses can generate millions of dollars in revenue from grants, government investment or corporate efforts to license the findings for commercial purposes. Users who have access to this kind of critical data could easily copy it to unsecured mobile devices and transport it out of the protected network, compromising the data and potentially impacting the organization for large amounts of revenue. To protect against this kind of data loss and theft, organizations must have strong access controls around who can access information stored across their network, adopt Least Use Privilege policies to ensure that only the users who must have access, do, and for complex access requirements, consider implementing Data Loss Prevention (DLP) solutions which can provide a wide array of logging, tracking, access control, and other data access functions which can prevent a user, whether authorized or not, from exfiltrating critical information out of the environment.
Finally, when organizations begin to expand their workforces outside the confines of a well-controlled network housed in physical office locations, the more common, outdated types of defense strategies start to become difficult to implement and manage. Notions of a traditional Internet perimeter where a firewall can block out unwanted external traffic simply disintegrates when put into practice in today's cloud-based and hybrid environments, and network admins now must wrestle with huge numbers of mobile devices all over the globe which are accessing corporate resources and are being connected to public and unsecured networks. This means that the potential number of devices which hackers can attack goes up dramatically, and the ways in which they can be protected starts to shrink.
It’s imperative that organizations find security solutions that will scale up alongside not only the sheer volume of additional devices being used, but the scope of where and when these devices are used to perform work. Leveraging cloud-based technologies to store data centrally can be one option, provided that sufficient technological controls and legal protections are in place. Additionally, more and more security vendors are providing strong cloud-based solutions which can scale up quickly and easily to identify and protect your devices wherever they are in the world and provide centralized management functionality to your internal IT staff responsible for controlling these assets.
While there are a number of challenges for all organizations as they move to and utilize a more nimble and mobile workforce, with proper planning, strong controls and using scalable cloud-based security technologies, they can reduce their overall risk of loss while dramatically increasing the security posture of the environment as a whole.
Cyber security is a key concern for organisations of all sizes. Protecting devices, networks, data and apps is an essential component of doing business. Vodafone provides security products and services to businesses of all sizes, helping you secure your business anywhere because we are everywhere. We are trusted by organisations globally, including utilities, financial institutions and government agencies. For more cyber security insights, you can find us on Twitter and LinkedIn.
Gartner has positioned Vodafone as a "Leader" in its Magic Quadrant for Managed M2M Services, Worldwide report 2017, for the fourth consecutive year