Organizations today are allowing more employees to work remotely. This mobile workforce can often make an organization nimble and may help reduce overhead costs, especially when it comes to physical office space. Worldwide, as many as 1.87 billion workers may be telecommuting by 2022 – accounting for 42.5 percent of all workers.1
A mobile workforce has benefits, but it’s also made organizations more vulnerable to security breaches or other types of cybercrime and scams. According to a global survey, 20 percent of companies have had their mobile devices breached by a cyberattack and 24 percent didn’t know whether or not they had ever been breached.2
With proactive planning, organizations can minimize the risks that come with a mobile workforce, without imposing cumbersome security procedures. “One of the most important purposes of security today is enabling things like a mobile workforce,” says Scott Johnson, information security manager at U.S. Bank.
These five steps can help your mobile workforce avoid security risks.
Before putting a mobile security plan in place, take inventory of your organization’s vulnerabilities, Johnson recommends. That means understanding what your mobile workforce looks like and tailoring your security plan accordingly.
Remember that your mobile workforce may be complex. You may have employees who work from their homes on company devices part time. Employees may permanently work remotely, or they may travel for work and perhaps use only their personal devices. Regardless of the details, any worker with access to company data or systems from outside of your physical office, where you can better control access, is part of your mobile workforce.
To help you define your workforce, consider these questions:
The answers to these questions will help inform your strategy. “How you secure your operations might be a little different based on how your workforce actually looks,” Johnson says.
Employees may not be aware of the risks that come with the applications they use.
For instance, cybercriminals or scammers may be able to gain access to an employee’s phone through a hacked application. Once they have access to the phone, they may be able to get around other security protocols, such as email passwords or encryption, possibly stealing sensitive organizational information.
Many organizations turn to “container” solutions to prevent these breaches, Johnson says. Essentially, a container solution can assure that data – sensitive or otherwise – isn’t shared outside of your organization’s network.
Containers restrict the apps you can use on your phone, redirecting data streams through protected servers. An organization might set up and issue mobile devices to allow easy access to needed tools, such as email or PowerPoint. At the same time, access to riskier sites, such as some social media sites, can be blocked. And, as a fail-safe, these systems can also provide technology teams with the ability to wipe data from a mobile device if it’s missing or stolen.
In some cases, employees may not always be working on employer-provided devices.
“When an employee’s personal device isn’t directly controlled by your organization, you can still put protocols in place to help minimize fraud,” Johnson says. In many cases, employees may be open to having security applications or VPN solutions installed on their personal devices, which can create a secure connection back to your network.
“Your mobile device vendor should be able to advise your organization on the best solutions for your needs,” Johnson says. “It’s knowledge that’s very readily available.”
Maintaining an internal website that’s updated frequently with news of security risks can help keep your workers informed, Johnson says. If employees know about risks, such as phishing, where scammers try to solicit sensitive information over email, they’re more likely to recognize them when they see them.
Wi-Fi is a big risk for many organizations with mobile employees, Johnson says. “I’ve always advised users to be very cautious of Wi-Fi hotspots in airports and other places that are public,” he says. “Those connections are not secure.”
The owner of a public hotspot may have access to applications that allow for easy spying on users. If your team travels often, consider providing them with their own hotspot or a VPN line.
When you‘re selecting a vendor to monitor your office environment, look for one that has mobile protections integrated into its platform, Johnson says. Find out if they can automate certain protections, such as blocking suspicious emails before they reach employees’ inboxes.
Some providers are set up to identify typical behaviors your team will exhibit when logging into a device or using it. And they alert you to the possibility of fraud if their applications detect unusual activity, Johnson says.
If you’re not experiencing any breaches, you may feel confident that your mobile security program is working. However, if there are breaches that aren’t immediately evident, your anti-malware software can help you make sure that employees’ devices are protected. “If you’re trying to give people the option to work remotely,” says Johnson, “you’ve got to make things work as seamlessly for them as if they’re at the office.”
Read more on the topics of cybersecurity and how to protect your organization from fraud.