Secure Mobile Working: Adopting a More Serious Approach in 2019

Peter Barker

Peter Barker

Over one third of the global workforce is already mobile. Indeed, this cohort is estimated to exceed 50% by 2025. That’s according to research conducted by industry analyst Quocirca last year, writes Peter Barker. Other studies suggest similar figures, so it’s fair to suggest that remote and mobile working are not just an add-on to the traditional office. Rather, these ways of working are replacing the traditional office.

‘Mobile first’ is a concept talked about in the telecoms industry where mobility is put at the heart of how an organisation operates and it’s gradually beginning to happen, albeit more easily for newer organisations or those ‘born in the Web’ as opposed to more traditional ones that have legacy infrastructure, processes and culture to change.  That said, by 2025, millennials will account for around 75% of the working population (once again according to Quocirca’s own research), the first generation to have grown up with digital technology being part of their everyday lives, not least of which is the mobile phone.

Integration of business applications on to mobile phones is accelerating, including collaboration tools, video conferencing, access to CRM, ERP, accounting and a whole host of other systems that, until very recently, were only accessible via desktop computers and laptops. The mobile phone truly has become a pocket office. Over half of all Internet traffic is now via mobile devices.

Embracing BYOD in the workplace

Smart phones are also connected to a range of machine-to-machine or Internet of Things (IoT) products, including mobile-to-printer communications, barcode or QR scanning, payment apps, digital ticketing and so on. Of course, a lot of these are personal apps, but with many people using the same smart phone for work as they do for their domestic lives, work and personal content or activity is being processed through the same device often with multiple Inboxes. According to research commissioned by Bitglass in 2018, no fewer than 85% of today’s organisations are embracing Bring Your Own Device (BYOD).

Clearly, we are living in an increasingly mobile-centric world, which in turn puts the spotlight on mobile security. Worryingly, the latter is still not central to every organisation’s cyber security strategy. According to Bitglass’ research, only 30% of those organisations surveyed say they are confident that they’re properly defended against malware on personal and mobile devices.

This is despite the same research finding that more than half of respondents believe that the number of threats targeting mobile devices in the past year has increased.

Similarly, research carried out by iPass last year found that 57 Chief Information Officers suspect their mobile workers have been hacked or caused a mobile security issue in the past year.

We’re all responsible

Securing the mobile workplace isn’t easy, particularly so given BYOD and people working in public places and the increasing complexity of IT overlaid by the growth of the IoT.  Plus, it’s arguable that individuals tend to have a more relaxed attitude towards their mobile devices, particularly if they’re using them for leisure as well as for work.  Security information vendors and specialist consultants the world offer a plethora of advice to help their business customers deal with the evolving mobile threat, but in the meantime there’s much that we can all do as individuals to protect ourselves and our organisations.

Even though most mobile phones have built-in password protection and other security options, 2018 research from Kaspersky Lab found that 52% of people do not password-protect their mobile devices, while only 22% of consumers use anti-theft solutions on their phones.

Encouraging staff to use such simple methods already available to them is a good place to start. In fact, engendering greater general awareness of the mobile threat will help people to think twice when working in public places.

Other Best Practice steps to recommend they take can include avoiding non-secure public Wi-Fi (however tempting that may be) and to instead connect to business apps via a corporate virtual private network (or, at the very least, private Wi-Fi networks that they’re confident are relatively secure).

Ensuring that all software updates are carried out, including mobile operating system and application updates, is basic but good vulnerability mitigation. Phishing is on the rise, with e-mail its main attack vector. On mobile phones, the full e-mail address is often not displayed – only the sender’s name – so users need to double-check any unsolicited e-mails before clicking on embedded links (even if they do look legitimate).

Taking visual privacy seriously

Finally, visual privacy must be taken seriously. Studies carried out by The Ponemon Institute on behalf of 3M repeatedly showed that ‘visual hacks’ are very easy and fast to achieve. Prevent unauthorised viewing or photographing of mobile screens by angling screens away from prying eyes or, better still, simply put a privacy filter on every employee’s mobile phone. The screen is then only viewable at close range and straight on. To onlookers the screen will appear black.

Mobile security is a multi-faceted challenge and one that’s too important to ignore. While the onus is on IT and security professionals to provide technology-based solutions, there’s also much we can do to protect ourselves on an individual level. Here’s wishing you a safe mobile 2019.

Peter Barker is Market Development Manager (EMEA) for the Display Materials and Systems Division at 3M

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts