Mobile security risk

Portable devices represent a new threat to safely securing your firm’s sensitive data, writes John Dryden of IT Lab.

It wasn’t too long ago that investment firms kept all of their sensitive data on servers based locally at their offices. Equally, this information was accessed solely on static computers based on-site – and information rarely left the office in any capacity. This didn’t mean that the firm’s data was completely safe from hackers, who could penetrate a firm’s network via email or internet hacking, but by keeping both the data and the means of accessing it all in one place, managing this threat was relatively easy.

As portable technology has grown increasingly popular over the last decade, access to sensitive information from a range of devices has now become the norm. Many employees are opting to use their own mobiles for both personal and professional purposes, which poses a real security threat for firms unless it is managed effectively. 

Portable devices have fundamentally changed the way firms operate and have given far greater flexibility to employees as well as breaking down the boundaries of international business. But with this flexibility comes greater risk and responsibility – both for employees and businesses. 

Unfortunately, many firms rely solely on ‘educating’ staff about the importance of protecting data and on insisting on additional PINs and passcodes for mobile devices. However, this does not protect data from the most savvy of hackers, who are able to access the phone, often through Wi-Fi connections or ‘jailbreaking’. What’s more, portable devices are also ‘losable’ devices!

Quite simply, firms, regardless of their size, need to have a security policy in place that can be rolled out across the board and without exception. Software such as ‘MobileIron’ or ‘Good Technology’ allows encryption of all sensitive emails and attachments. More importantly, users are only able to view and save data on approved platforms, so there is no possibility of downloading to unsecured areas within the phone or online. Previously, once downloaded, data would automatically be decrypted, defeating the objective of the security software. But as hackers grow increasingly resourceful, so too have the software developers combating cyber crime.

When choosing their method of security, firms need to choose a provider that caters to all platforms – iOS, Android and Windows 8. As employees are using devices that they have chosen and paid for themselves, firms must ensure that the technology they implement is compatible with all possible operating systems.

Additionally, when considering software to be used on an employee-owned device, it is important to choose one that offers remote access and control. This allows the IT specialist – be they in-house or outsourced – to manage the employee’s access levels at various times and, most importantly, to revoke access when the staff member leaves the business. Simple ‘PIN and passcode access’ means that phones must be wiped to ensure all data is removed – but this also permanently destroys all personal data on the phone, such as photos and contacts.

Implementing a comprehensive mobile security system need not be a costly process, but it can ensure protection for both your own information and your clients’. As both deterrent and insurance policy, any outlay on good IT security is likely to be more than made up for by the losses it will prevent.

John Dryden is chief technological officer of IT Lab, an IT support company.