People can be lazy, careless and obnoxious beings. They can be annoying and inconsiderate, unhealthy and dishonest. These qualities are the sort that have prevented many a serial rookie from keeping or landing jobs. Manifested in bad habits ranging from gossip to procrastination to poor hygienic practices and beyond, you don’t want these characteristics showing up in your workforce.
Of course, now that so much of the work done in offices around the world is performed on computers, in the cloud and on mobile devices thanks to the BYOD movement, it is becoming more and more difficult to find the vulnerabilities in the body of an organization. There is no way of knowing whether or not Tim from customer service is using best password practices or simply phoning it in like most people are prone to, and it might not be Sharon’s fault that the new mobile game she downloaded onto the phone she uses from work contains malware that will inevitably compromise the network of the hospital she works in.
Staff are human and humans have developed habits that favor convenience and fun over security and privacy. That’s why it might not come as a surprise that a recent survey conducted by Mobile Work Exchange, using a self-assessment tool called the Secure Mobilometer, found that 41 percent of 155 individual government respondents are letting these embarrassing foibles compromise their associated agencies.
According to the results of the survey, which was commissioned by Cisco, 90 percent of the respondents use at least one mobile device (which for the purposes of the study includes laptops) for work. Additionally, 78 percent of the total respondents reported always storing files in a secure location. This all sounds like best practices, so what’s the problem?
Well, according to the survey results there are a few bad habits – all seemingly motivated by a need for convenience – that, despite the initial precautions described above, are putting agencies at risk. A third of those surveyed connect to public WiFi networks, just over half of them don’t encrypt sensitive data and a quarter don’t even protect their devices with passwords, let alone multi-factor authentication methods.
So, what can be done about this? Short of invasive surveillance measures undertaken by employers, nothing quite solves the problem like education on the dangers that these practices actually pose to both end users and the organizations they work for. All of this reported risk can be eliminated by hammering home a few easy concepts.
First of all, some protection is better than no protection at all. These agencies need to first realize that issues of mobile security affect them and then enact and enforce policies that promote best BYOD practices. What might seem like common sense to someone who knows how flimsy passwords are might be a revelation to one of the almost 30 percent of the survey subjects that use easy-to-crack or written-down login codes.
Secondly, organizations that deal in critical information should research what is on the market to protect them from cybercrime and data theft. For instance, some customer service level ticketing software, like Tessitura, requires every representative to activate a One Time Password (OTP) token in order to perform any action at all. Perhaps cloud-based MDM software that can remotely wipe or lock devices better suits the agency. Even if it comes down to banning mobile devices from the office (not recommended), the discussion needs to be taking place.
Thankfully, over the past year vendors and manufacturers in the identity industry have been focusing on breaking down the barriers to adoption of biometrics and multifactor authentication solutions for the express purpose of making BYOD easier on organizations. Through a number of collaborative efforts, affordable, convenient and strong identity management solutions are being made available for physical and logical protection.
The key moving forward is going to lie in the discourse organizations are willing to have and the accessibility of the options available.