Mobile device security is, according to ADP Vice President of Global Security Architecture VJay LaRosa, "trending away from risk-based controls in favor of behavior-based solutions."
While 75 percent of employees receive at least one corporate-owned PC-type device, according to Gartner, just 23 percent receive smartphones. Additionally, 61% of Gen Y and 50% of 30+ workers believe the tech tools they use in their personal lives are more effective and productive than those used in their work life.
As workforce dynamics and preferences shift over time, how can you ensure that the increasing presence of employee-owned devices doesn't open up significant security risks? Here are five best practices for boosting mobile device security without undercutting efficacy.
1. Draft a Mobile Management Policy
Protecting mobile devices starts with your mobile management policy. According to VJay LaRosa, Vice President of Global Security Architecture at ADP, creating a mobile management policy means taking a look at what already works strong password protection, encrypted data transmission and app-based permissions and then "adding other risk-based functions such as virtual private network (VPN) connections and per-application defenses."
2. Educate Employees
Next, take the time to educate employees. As noted by LaRosa, corporate mobile devices are now a top target for malicious actors. In fact, 20 percent of businesses have already suffered a mobile breach. Educating staff means covering the basics. For example, remind employees to never download questionable third-party apps. And LaRosa points out that it's a good idea to steer clear of public Wi-Fi networks even if they're encrypted since "you don't know who's on the other end, or if there's a man-in-the-middle."
3. Use the Right Tools
Solid mobile device security also demands having the right tools, specifically enterprise mobility management (EMM) solutions, which can apply network-wide policies to increase total defense. The uptick in mobile attack vectors has led to a widening EMM market, meaning it's essential to select tools that match your organization's needs and budget.
Good catchall features include the ability to control smartphones and tablets on a per-device basis, along with the ability to wipe files and folders remotely. Need more granular control? LaRosa points to options such as always-on VPN connections, which ensure that staff are covered by at least basic protection.
4. Implement Authentication
Passwords alone aren't enough. Two-factor authentication is now the de facto standard, but is it better to opt for typical SMS codes and USB keys or implement something more cutting-edge, like biometric scanning? According to LaRosa, it depends on user action: If staff are simply logging on to check email accounts, the combination of login, password and PIN might be enough. If they're performing high-stakes actions like transferring corporate funds, on the other hand, fingerprint or iris scans may be the better option.
5. Respect the Human Condition
A user is no longer defined by role or title alone, their mobile device is now a core component of corporate identity. The result? According to LaRosa, mobile device security is "trending away from risk-based controls in favor of behavior-based solutions." It makes sense: Users want to be treated like human beings, not devices or numbers.
To effectively govern mobile use, you must rely on a combination of transparent policy communication and the implementation of behavior-based controls that take into account employee privilege level, current and previous use patterns and potential harm to the network. This allows your organization to quickly identify possible patterns of interest without unduly infringing on your staff's ability to use their devices or complete day-to-day tasks.
The bottom line for mobile device security? Effective best practices walk the line between empowering users to solve their own problems and providing IT the oversight required to maximize mobile defense.
Today's threats move fast. Across all of ADP's HCM products and services, we help keep you protected with constantly evolving tools, technologies, expertise, and safeguards. For more, read here.