Your house and office need keys. Your bankcard and mobile phone need PINs. Your computer and online accounts need passwords. When it comes to software, innate security features are crucial. Those safety features are designed to protect people, the companies that hire them and data entrusted to them. Yet in a time when convenience is king, safety can often slip by the wayside – especially when it comes to mobile devices.
Users behaving badly
Safety measures can only work when they’re implemented. Unfortunately, studies of human behavior show us people don’t always what’s best for them. Behaviors like leaving devices unlocked, downloading apps, browsing invalidated sites and opening unknown e-mail attachments puts users’ personal data at risk. If those same users use those same devices in workplace BYOD programs, that risk grows exponentially.
The best bet for users who are not apt to change their ways is security software. Mobile device security expert Tamara Law suggests software that scans emails, identifies suspicious links on social networking sites and scans apps before they are downloaded. “Over 50 percent of malware is mobile and one-third is aimed at collecting our information. It’s a good idea to take further action – because we’re not going to completely stop downloading e-mails or apps, and we’re always going to be surfing new websites.” Keep track of your online presence as well. “It’s also a good idea to be more cautious about what we post on social networking sites – all the information only helps attackers target us better.”
Businesses offering balance
The challenge for companies is much greater. The information they stand to lose impacts more than a few individuals. But while they have reason to keep data in one centralized location, that idea goes against the trend. Thanks in part to an increase in both cloud-based applications as well as in BYOD programs, the mobile work force is expanding. It’s expected to reach 1.3 billion people (37.2 percent of the total workforce) by 2015, according to research firm IDC. That work force demands quick and easy access, while business and IT leaders demand safety. There are solutions that can please all parties. And with research showing organizations have a lot to gain from stronger, smarter user authentication, those solutions are well worth the effort.
“Enterprises need to become more cyber resilient,” Law advises. “They need to increase their employee security IQ so they don’t engage in risky behavior.” She recommends all employees be authenticated before accessing confidential data, and points out a variety of options companies have to provide both protection and a simple user experience.
- Multilevel Authorizations: Employees provide two factors to log in to the network. Another authorization is needed before deeper or more sensitive information is accessed. Symantec VIP is a two-factor authentication service that provides the second factor. It gives credentials to employees who use them to remotely access corporate systems. VIP is evolving beyond typing. In the near future it will use device IDs and user fingerprints to access corporate systems.
- Digital Certificates: Once downloaded, digital certificates don’t require any additional typing from the user.
- Data Control Policies: Not all employees should have access to all applications. There should also be a central point of control from which access could be monitored.
- Single Sign On: The average user has 26 different accounts and only five different passwords – including the one used to access corporate accounts. Single sign on reduces the likelihood of employees engaging in risky password behavior.
- Application Client Containers: App containers use encryption to collect authentication data from mobile users.
The bottom line according to Law: simplicity. “The easier you make things, the stronger your security will be. It’s about making sure your people, processes, and technology are all working together. Educate your people, make sure you have the right processes to ensure the right people get to the right information – and that you can take action if a mobile device is lost or stolen.”