To say that companies ask a lot from their IT departments is the ultimate in stating the obvious. Not only are they responsible for keeping employees up and running, they’re essentially in charge of keeping the business up and running. They do so much, it’s surprising we haven’t yet put them in charge of making the coffee. That said, we do need their help with another task – one’s that’s worthy of their expertise: To make sure that everyone has secure mobile devices.
In many cases, a company’s IT department does not provide a list of mandatory settings and configurations for the mobile devices that people use for work. This is odd, since they require require these settings for laptops and desktop computers, especially in the enterprise environment.
You would think rules for mobile settings would be a fundamental part of an IT department’s cyber security efforts. After all, mobile devices can access private and corporate data just like laptops. And since laptops require company-approved VPN, why wouldn’t mobile devices require the same?
There are many potential security issues for having employees use their personal devices for work without strict settings policies. Bluetooth, for example, can create major security holes if it’s left on when performing work activities.
Some have suggested that employees, by default, should be prevented from connecting to unfamiliar networks. The thinking also states that if you must use an unfamiliar network, then you must first switch on mobile VPN.
But that’s the crux of the issue. There are no official statistics for this, but those in the industry understand that it is rare for an IT department to dictate which mobile VPN one should use. It may be an even more rare case for an IT department to mandate use of VPN.
Of course, VPN doesn’t protect data the way that many people perceive. An employee may share sensitive data over email with a colleague, which can be viewed by a cyber thief through Bluetooth.
This is why IT administrators must create guidelines for Internet access, passwords, and app installations to create a safe mobile environment. In turn, they have to communicate these rules so employees are clear about the new mobile work protocol.
Since security is one of IT’s main – if not ultimate – responsibilities, it’s time that they make it priority to protect enterprise assets from the mobile end of the spectrum. It just makes sense – a large percentage of company data is now exchanged between mobile devices. Why not protect employees on the go the same way we protect employees sitting at their desks? If an employee claims the new rules are inconvenient, the company could provide an approved mobile device, with the right settings locked in.
IT has options when it comes to making the mobile experience completely safe from cyber attacks. But whatever they do, the need to do something.