The demand for more mobility, the growth of the cloud and the expansion of the Internet of Things (IoT) will influence all sectors in the coming year. However, every opportunity this represents for business is also an opportunity for hackers and scammers. Three Ireland’s Business Director Eóin MacManus explains.
The importance of digital technology to every part of your business shows no signs of slowing down. Although mobile devices, the cloud and IoT will play a leading role in the future success of your business, they represent a cybersecurity triple-threat – so where are you vulnerable and how do you defend your business?
ONE // Mobile
Defending a moving target
Every mobile device used by your employees represents a potential security or data breach, anywhere, any time. Your cybersecurity must prevent any breach while addressing two challenges: people and GDPR.
Challenge 1: people
Your employees pose a greater risk to the security of your business data on mobile devices than cybercriminals do. Using mobiles for work demands rigorous security policies. However, if users forget or wilfully ignore a policy, it’s completely ineffective, so it must be backed up by the right technology.
Business or pleasure?
Keeping work and personal lives separate is not only good for employees’ productivity and mental health, but – where mobile devices are concerned – good for your business’s cybersecurity too. Business data that is not securely separated from personal communications and apps risks unauthorised sharing, hacking, and exposure of the corporate network to malware from corrupted apps or unsafe sites.
Don’t be in the dark on ‘Shadow IT’
Employees can be blinkered about data security and ingenious about technology work-arounds. If you, as their employer, fail to provide them with the tools they perceive they need, they will not hesitate to use alternatives. For example, Dropbox for sharing files with colleagues, or public networks for confidential business communications.
Lost and found
The most obvious risk of all when you combine people, devices and mobility is the device getting into the wrong hands. Loss or theft of a device that holds business data in an insecure state is like handing over the keys of the company safe to a criminal.
Challenge 2: GDPR versus dynamic perimeters
If only protecting your data was as simple as securing your server, then achieving GDPR compliance would be a cinch. Unfortunately, any mobile device that holds any business data at all is equally subject to the regulation and requires just as much protection. Any smartphone, tablet or laptop – whether a business device or an employee’s personal device used for business purposes – must comply with all the regulations for data storage, handling and security, just like your PCs and servers.
Arguably, since your servers can’t go to bars, travel on buses, or be stolen from someone’s jacket, the security on a mobile device must be even tighter.
The solution? Mobile Device Management.
Mobile Device Management solutions can enable you to:
• enforce your security policy;
• manage users and devices remotely;
• comply with regulations such as GDPR;
• manage Bring Your Own Device (BYOD) policies;
• separate personal and business apps; and
• update devices in a controlled manner.
TWO // Cloud
Protecting what you can’t see
The conversation about cloud adoption is over. Now it’s a given that the cloud enhances both productivity and efficiency, the discussion moves on to how you ensure the security of something you probably can’t locate and definitely can’t see.
Challenge 1: cyber attacks
Intel Security’s 2017 survey on the state of cloud adoption and security, Building Trust in a Cloudy Sky, showed that cloud is the new normal for enterprise apps, with 93 per cent of organisations using cloud services and 74 per cent storing some or all of their sensitive data in the public cloud.
Where businesses lead, cyber criminals and state-sponsored hackers follow. The more the cloud is used, the more of a target it becomes for cyber-attacks. As with servers and mobile devices, strict strategies are needed for data security and governance in the cloud to mitigate the risk of exposure.
Challenge 2: GDPR
If your business has data stored in the cloud, you will need to know the physical location of the data centre infrastructure, as this will dictate which jurisdiction’s data protection laws (usually Europe’s or the USA’s) it is subject to.
The benefit of the cloud is that regardless of where the data physically resides, it can be accessed from anywhere. The potential danger is that it can be accessed by anyone. To prevent data loss and data breaches, and ensure GDPR compliance, it is essential to have strong and effective security policies and technologies in place.
The solution? Mobile Content Management.
A Mobile Content Management solution can enable mobile device users to:
• connect securely to the cloud, on-premise servers, or both;
• connect to existing data repositories;
• share files securely; and
• collaborate on the move.
THREE // IoT
When everything is a security risk
IoT is about connecting everything that can generate data to the internet. The benefit is huge amounts of valuable data. The challenge is to make security effective over such a vast network of devices.
Challenge 1: device security
The sheer number and variety of connected things makes IoT security a sizeable challenge. On the positive side, many of the SIMs used for IoT connectivity will have either a limited or non-existent user interface, which makes hacking more difficult. On the negative side, they will often be installed in remote locations, which makes straightforward physical theft a greater threat.
A significant change in the data generated may indicate that circumstances have changed – suggesting fraud or theft – but sending an engineer to investigate remote devices may be time-consuming and costly.
Challenge 2: GDPR
IoT is driving a huge increase in data gathering and availability. Although much of this data will not be of a personal nature, significant amounts, such as from healthcare monitoring devices, will be both personal and extremely sensitive.
As outlined above, insecure devices may allow unauthorised or criminal access to the data. In addition, holding large amounts of personal data demands robust security to avoid breaches, GDPR non-compliance and the associated financial costs and reputational damage.
The solution? Security at every stage.
The ubiquity of IoT makes it essential to install, maintain and instil security at every stage, from the remote devices themselves, through the communications layer, to the back-end data handling and storage.
At the device level, one solution is to seal the devices so the SIM can’t be physically accessed. Another is to configure the SIM so that if it’s removed from the original device it can’t be used in any other. Thirdly, alerts can be set up to send notifications if a SIM or the data it is providing has changed, which may suggest theft or fraud.
At the handling and storage level, many of the challenges and solutions covered in the mobile and cloud sections will apply, though the sheer amount of data involved may magnify the scale of the problem. Ensuring you work at every stage with providers who themselves maintain a highly compliant culture, will help you optimise not only security and compliance, but also the opportunities offered by IoT’s big data.
For more information or to discuss your Managed Mobility business needs
T: 1800 330 303