Today’s workforce is a mobile workforce. Technology has enabled businesses to allow their employees to reach beyond the office walls, doing business and operating effectively from just about any location. SaaS, online access to business data, and smart phone technologies have brought flexibility in working models previously only imagined by the workforce tethered to business locations and office computers. Yet this flexibility comes at a price if the business is to keep up with securing and protecting data assets as readily as it extends access to them. The bad guys are well aware that mobile computing and remote access working models are growing in adoption with businesses, and are finding ways to take ever-greater advantage of the situation.
Teleworking, which is not quite the same thing as telecommuting, is on the rise and it doesn’t look to be a trend that will slow down any time soon. According to GlobalWorkplaceanalytics.com, “telework is defined as the substitution of technology for travel”. Those who work sometimes from an office, but sometimes not, are teleworkers. Working at the office during the day and then taking work home at night makes you a teleworker. The primary tool of the teleworkforce is the smart phone – the mobile computer with built-in connectivity and enough processing power to handle many basic office workloads.
- 50% of the US workforce holds a job that is compatible with at least partial telework and approximately 20-25% of the workforce teleworks at some frequency
- 80% to 90% of the US workforce says they would like to telework at least part-time. Two to three days a week seems to be the sweet spot that allows for a balance of concentrative work (at home) and collaborative work (at the office).
- Fortune 1000 companies around the globe are entirely revamping their space around the fact that employees are already mobile. Studies repeatedly show they are not at their desk 50-60% of the time. http://globalworkplaceanalytics.com/telecommuting-statistics
The number of teleworking employees is on the rise, and so is the variety of devices used to facilitate mobile working. Smartphones, tablets and phablets and, of course, laptop computers are used by mobile workers – often in addition to the company-supplied desktop in the office. The variety and number of computing devices per user is growing. Knowing this, businesses must take increasingly expansive steps to strengthen and secure remote access systems and business data, yet many organizations are just beginning to fully realize that the mobility they extend to their users is part of the reason for the increasing number of data breaches and attacks against business information systems.
Cybercriminals and their crafty programs are often able to steal important information or access a network by first infecting computers and devices used for telework. Many of the devices available to the attackers are not company-owned, but are introduced to the system by contractors, vendors and employees (BYOD or bring-your-own-device users).
Even if the device isn’t a vehicle delivering a nasty payload into the network, data breaches may still occur when business information is stored on an improperly secured device. Most people who work with computers have some recognition of the potential for virus attacks and malware, but far fewer recognize the threat potential of attacks against mobile devices such as phones and tablets, and even fewer may implement meaningful protections on those devices.
“To prevent breaches when people are teleworking, organizations need to have stronger control over their sensitive data that can be accessed by, or stored on, telework devices,” said Murugiah Souppaya, a NIST computer scientist. [1]
Providing guidance and information to the public on such topics, NIST (National Institute of Standards and Technology) is revising its publications on telework to cover growing use of BYOD and how contractor and vendor devices are increasingly used to access company information resources. Two new publications – one for organizations and one for users – are now available for review and comment. You can find them here.
“As one of the major research components of the National Institute of Standards and Technology, the Information Technology Laboratory (ITL) has the broad mission to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology through research and development in information technology, mathematics, and statistics.” [NIST Information Technology Laboratory Mission]
The rising number of threats, attacks and breaches caused by compromised devices used for teleworking is nothing to take lightly, and protecting against them shouldn’t be approached as a merely perfunctory obligation. Organizations must create and consistently update policies and requirements relating to protecting information accessible by remote workers if they intend to reduce business risk and provide assurances to stakeholders and customers that the information is adequately guarded. But it doesn’t stop with the policy; businesses must also make an effort to properly educate their users (employees, contractors, vendors, etc.) on those policies, ensuring that all parties involved understand the responsibilities and requirements and strictly adhere to them.
Make Sense?
J
Yet the desktop remains as the primary workhorse for most business users. This is where the productivity applications live, where large spreadsheets and full-screen applications are run, and where keyboarders and production data entry users operate. Tablets, touchscreens and mobile devices just don’t provide the same capabilities unless you tether them to full size monitors and keyboards. Even then they may not because they might not run the same OS as the desktop. The point is that the desktop hasn’t gone away and isn’t likely to any time soon. Users may use more mobile apps and devices, but this isn’t diminishing use on the desktop as much as it augmenting it. This is what fuels the interest in application hosting and virtual desktop computing models – the desire to mobilize desktop and network applications and working environments.
Make Sense?
No retailer wants to become the next Target (pun intended). Payment card fraud costs businesses and consumers billions of dollars every year. What’s even more frightening, many of the breaches in the news are the result of innocent participants inadvertently granting access to the bad guys. The Target breach in 2013 exposed the data of 110 million payment cards. Hackers got into the network using perfectly good credentials of the HVAC company. Sometimes password security just isn’t enough, which might bring in to question the security of all those SaaS subscriptions and online shopping sites folks use these days.
As businesses mobilize their workforces and processes the volume and variety of sensitive data passing through and sitting on mobile devices increases dramatically. Even though the business owner or IT manager may recognize the importance of mobile data and device security, doing something useful about it is altogether another issue. New considerations enter into the picture frequently, turning mobile security into a moving target. Protecting the business – the organization, its employees and its customers – requires adopting mobile security strategies that cover a broad range of issues.
Everything is moving to the cloud! Everything is going online! At least, that is what they’re telling you. And, to a certain extent, it is true that a lot of things are moving to the cloud; just not everything. 
Devices are more powerful so that they can run more applications – fast – and deliver more useful functionality to the user. Maybe the data will be in a cloud, and maybe even some app functionality will be delivered via a cloud, but it is very unlikely that everything will be in the cloud. Complexity and cost drove developers to seek out alternatives, and advancements in technology will introduce new options that change everyone’s thinking again. While the 
Information technology and the “cloud” is amazing. With the right IT resources and connectivity, individuals and small businesses are able to compete at global levels with much larger organizations, and are proving that placing focus and attention on the right aspects of the business helps the business perform better. The right IT approach is to use technology to make the business smarter so more gets done in less time and with fewer resources – this is wearing the bunny slippers. The goal is leveraging systems, software and connectivity to be more efficient and effective, creating the time to stop and think for a while, innovate, or simply relax.
When I first started my business, like many start-up operations, I decided to 
Cooper Mann Consulting 