Today’s workforce is a mobile workforce. Technology has enabled businesses to allow their employees to reach beyond the office walls, doing business and operating effectively from just about any location. SaaS, online access to business data, and smart phone technologies have brought flexibility in working models previously only imagined by the workforce tethered to business locations and office computers. Yet this flexibility comes at a price if the business is to keep up with securing and protecting data assets as readily as it extends access to them. The bad guys are well aware that mobile computing and remote access working models are growing in adoption with businesses, and are finding ways to take ever-greater advantage of the situation.
Teleworking, which is not quite the same thing as telecommuting, is on the rise and it doesn’t look to be a trend that will slow down any time soon. According to GlobalWorkplaceanalytics.com, “telework is defined as the substitution of technology for travel”. Those who work sometimes from an office, but sometimes not, are teleworkers. Working at the office during the day and then taking work home at night makes you a teleworker. The primary tool of the teleworkforce is the smart phone – the mobile computer with built-in connectivity and enough processing power to handle many basic office workloads.
- 50% of the US workforce holds a job that is compatible with at least partial telework and approximately 20-25% of the workforce teleworks at some frequency
- 80% to 90% of the US workforce says they would like to telework at least part-time. Two to three days a week seems to be the sweet spot that allows for a balance of concentrative work (at home) and collaborative work (at the office).
- Fortune 1000 companies around the globe are entirely revamping their space around the fact that employees are already mobile. Studies repeatedly show they are not at their desk 50-60% of the time. http://globalworkplaceanalytics.com/telecommuting-statistics
The number of teleworking employees is on the rise, and so is the variety of devices used to facilitate mobile working. Smartphones, tablets and phablets and, of course, laptop computers are used by mobile workers – often in addition to the company-supplied desktop in the office. The variety and number of computing devices per user is growing. Knowing this, businesses must take increasingly expansive steps to strengthen and secure remote access systems and business data, yet many organizations are just beginning to fully realize that the mobility they extend to their users is part of the reason for the increasing number of data breaches and attacks against business information systems.
Cybercriminals and their crafty programs are often able to steal important information or access a network by first infecting computers and devices used for telework. Many of the devices available to the attackers are not company-owned, but are introduced to the system by contractors, vendors and employees (BYOD or bring-your-own-device users).
Even if the device isn’t a vehicle delivering a nasty payload into the network, data breaches may still occur when business information is stored on an improperly secured device. Most people who work with computers have some recognition of the potential for virus attacks and malware, but far fewer recognize the threat potential of attacks against mobile devices such as phones and tablets, and even fewer may implement meaningful protections on those devices.
“To prevent breaches when people are teleworking, organizations need to have stronger control over their sensitive data that can be accessed by, or stored on, telework devices,” said Murugiah Souppaya, a NIST computer scientist. [1]
Providing guidance and information to the public on such topics, NIST (National Institute of Standards and Technology) is revising its publications on telework to cover growing use of BYOD and how contractor and vendor devices are increasingly used to access company information resources. Two new publications – one for organizations and one for users – are now available for review and comment. You can find them here.
“As one of the major research components of the National Institute of Standards and Technology, the Information Technology Laboratory (ITL) has the broad mission to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology through research and development in information technology, mathematics, and statistics.” [NIST Information Technology Laboratory Mission]
The rising number of threats, attacks and breaches caused by compromised devices used for teleworking is nothing to take lightly, and protecting against them shouldn’t be approached as a merely perfunctory obligation. Organizations must create and consistently update policies and requirements relating to protecting information accessible by remote workers if they intend to reduce business risk and provide assurances to stakeholders and customers that the information is adequately guarded. But it doesn’t stop with the policy; businesses must also make an effort to properly educate their users (employees, contractors, vendors, etc.) on those policies, ensuring that all parties involved understand the responsibilities and requirements and strictly adhere to them.
Make Sense?
J
Yet the desktop remains as the primary workhorse for most business users. This is where the productivity applications live, where large spreadsheets and full-screen applications are run, and where keyboarders and production data entry users operate. Tablets, touchscreens and mobile devices just don’t provide the same capabilities unless you tether them to full size monitors and keyboards. Even then they may not because they might not run the same OS as the desktop. The point is that the desktop hasn’t gone away and isn’t likely to any time soon. Users may use more mobile apps and devices, but this isn’t diminishing use on the desktop as much as it augmenting it. This is what fuels the interest in application hosting and virtual desktop computing models – the desire to mobilize desktop and network applications and working environments.
Make Sense?
No retailer wants to become the next Target (pun intended). Payment card fraud costs businesses and consumers billions of dollars every year. What’s even more frightening, many of the breaches in the news are the result of innocent participants inadvertently granting access to the bad guys. The Target breach in 2013 exposed the data of 110 million payment cards. Hackers got into the network using perfectly good credentials of the HVAC company. Sometimes password security just isn’t enough, which might bring in to question the security of all those SaaS subscriptions and online shopping sites folks use these days.
As businesses mobilize their workforces and processes the volume and variety of sensitive data passing through and sitting on mobile devices increases dramatically. Even though the business owner or IT manager may recognize the importance of mobile data and device security, doing something useful about it is altogether another issue. New considerations enter into the picture frequently, turning mobile security into a moving target. Protecting the business – the organization, its employees and its customers – requires adopting mobile security strategies that cover a broad range of issues.
Make Sense?
In today’s business world, risk, uncertainty and volatility are just par for the course – everyday realities of simply being in business. Nothing is certain, they say, except death and taxes. Yet there is a fine art to driving profitable growth in a business, and adapting to existing and emerging risk takes a great deal of experience, information and agility. While planning and process development may occur at many levels within the organization, it is the FP&A (financial planning and analysis) capability which helps top performing businesses be top performers.
Cooper Mann Consulting 