Mobile devices and apps are how work gets done these days. Employees aren’t tied to their desks, work doesn’t always mean sitting down from 9-5 and meetings can take place anywhere from a coffee shop to the sidelines of a soccer game. However, as the adoption of mobile devices (smartphones and tablets) continues to increase, both employers and employees need to be aware of their company’s security policies.
According to the International Data Corporation (IDC), smartphone shipments to the Middle East and Africa saw unprecedented year-on-year growth of 83% in Q4 of 2014. Another report, by Forrester, found that only 57% of employees are aware of their company’s security policies, which means that 43% or more might be actively bypassing company security policies and not even know it.
So what does that mean for businesses? As mobile device adoption grows and the concept of work continues to change, employees are going to use the apps and devices they want to make them feel more productive – with little consideration for company policy. When employees go around policies for email access or they copy sensitive enterprise data to their personal devices and use consumer apps, that’s called Shadow IT.
Company security policies are often seen as too invasive and hard to understand – but this situation has to improve to protect sensitive company data. So, to make it easier on businesses and employees, I’ve outlined a few best practices that will help businesses protect what matters by safeguarding data in use, in transit and at rest to let employees focus on their work. After all, it’s all about user experience!
1. Control access and educate your workforce
Create policies that work for your business. You can do this by getting to know your workforce. Set up regular meetings with business groups to understand their needs – met and unmet. Then, create policies based on those needs and the governance requirements of the business. And don’t forget to encrypt everything!
2. Enforce policies to reduce attack surfaces
Make sure policies don’t lose value over time by enforcing penalties for bypassing them. Reduce attack surfaces for hackers or malicious insiders by securing applications and data through virtualisation, containerisation and secured networking while encrypting data in use, in transit and at rest.
3. Track behavior and learn from it
Monitor activities on the network and within apps to stay aware of what’s going on within your business – who’s accessing data from where and when – and take action as needed. Be consistent in policy enforcement and understand the difference between compliance and security. Just because policies are compliant doesn’t mean they measure up to today’s threat landscape or risks unique to your business.
Shadow IT can be tough to tackle because companies don’t always know what devices and apps employees are using or how they’re circumventing company policies. Following the steps above will help businesses get processes in place to partner with their employees to keep business information safe and private throughout the security lifecycle.