The rise of mobile devices has led to a huge shift in the workplace, allowing workers unprecedented levels of flexibility over where and when they work, along with a huge choice in the devices they use to fulfil different tasks, whether a smartphone, tablet, laptop or even one of the newer crop of smartwatches. Companies are moving to adapt to this transformation, spurred on by the potential increase in productivity, and staff satisfaction and retention levels offered by the world of mobile working.
But this mobile shift has brought with it new challenges for IT managers. Some employees will use their own smartphones, tablets and other smart devices for work purposes whether their company authorises them or not. This means firms and IT departments have a much more difficult job to protect corporate data, as mobile has become another channel for information to flow in and out of the company network.
Evidence shows that there is a growing need for firms to act on BYOD security, and act soon. According to the results of research we carried out in conjunction with IBM, 36 percent of firms now have large numbers of staff working offsite rather than primarily in the office, with a further 12 percent having staff who work between the office and remote sites. This compares with 31 percent and five percent, respectively, in the previous year.
These statistics highlight the growing number of mobile workers, who will be using laptops, smartphones and tablets to carry out their normal work duties from outside the corporate boundaries. In turn, this increases the pressure on IT teams and businesses to find the best way to protect these devices, and the data stored and processed on them.
With mobile now firmly embedded in the workplace, it is not always enough for firms to simply have a bring-your-own-device (BYOD) policy, these policies need to be supported by technical systems to ensure mobile data is adequately protected.
We recently hosted an online debate into the whether the rise of the mobile should be allowed to take priority over security concerns, and the IT professionals who participated were divided pretty much in half, with 51 percent believing security takes precedence, and 49 percent backing mobile in the workplace.
It is clear reading through the reader comments that there is a lot of fear and concern about the risks posed by the rise of mobile, and that organisations have some way to go before these concerns are allayed.
As reader Michael C Feltham pointed out: "From a security aspect, allowing personnel to walk around clutching intellectual property and capital is utter insanity. Perhaps worse, is allowing them to walk around with access codes and permissions to the core of a business. That's a job for a firm's security managers, not rank-and-file staff. It’s far easier to mug someone then break into a secure building replete with alarm systems and then try and hack into a properly secure network."
But while Feltham’s views were echoed by many other IT professionals during the debate, others highlighted that even firms who build mobile risk into their security procedures are not always protected.
Another reader gave the example of his organisation, which allows access to email through a private mobile phone.
"They specify a five-digit login PIN has to be set, but it's a royal pain as every time you want to use your own phone you have to go through the company-specified PIN procedure. So we all circumvent the security policy by rooting and installing a tampered version of the email app. Huge security risk, but brought on by the company not consulting with the end users," he explained.
A worrying, and no doubt too-frequent example of why firms need to be smarter about their security policies around BYOD. Mobile in the workplace is not going anywhere, and businesses that fail to stay ahead of their employees when it comes to BYOD use will soon be caught out by security breaches or data leaks.
To get more insights on cyber security, register for the V3 Security Summit now.
Dr Kuan Hon criticises GDPR consent emails that will only eviscerate marketing databases and 'media misinformation'
Apple squashes Steam Link app on 'business conflicts' grounds
Philip Hammond wants to forget rules that the UK agreed with the EU to ban non-European companies from the satellites
Instapaper to 'go dark' in Europe until it can work out GDPR compliance