Skip to main content

The importance of data encryption on employee mobile devices

We’re living in an increasingly mobile world. According to recent research from Sapho, three-quarters of companies allow employees to use personal devices for work, and employees who enjoy this workplace benefit save 81 minutes per week on the job. With this convenience and enhanced productivity, however, comes a business risk: If an employee’s personal mobile device is lost or stolen, unauthorized parties can easily access sensitive data stored in email and other applications. Here’s why data encryption on personally owned devices is so important and how better employee data protection protects both the business and its staff.

Why mobile data encryption matters

The mobile devices we use to check sports scores and order takeout can feel so closely linked with our personal lives that, at times, we might underestimate the considerable risks they pose from a business security standpoint. Make no mistake: The risks are real. Because these devices are getting smaller and sleeker all the time, they can be easily lost or stolen, making personal or business information subject to theft as well — unless that data is encrypted.
If employees’ devices tap into the corporate network, it’s important to secure them with at least the same level of vigilance and due diligence you would a company-owned device. Healthcare IT professionals understand this imperative well, as HIPAA regulations strongly recommend encryption for all corporate data and documents that may access or contain protected health information (PHI).
In the post-GDPR world, it is more important than ever to ensure that customer data is securely handled on all the mobile devices that access it. Given this complex environment, CSO Online advises IT administrators to compile a complete list of relevant government regulations relevant and use it to inform their approach to enterprise mobile security, particularly bring-your-own-device (BYOD) policies.
Where encryption is concerned, it is important to understand the distinction between data in transit and data at rest. It’s easy to appreciate the fact that communications can be intercepted without proper encryption and strong authentication methods in place to protect them; it’s a bit more difficult to comprehend just how vulnerable data stored on a mobile device can be unless it is encrypted.
Once accessed, unencrypted mobile device data can quickly yield a treasure trove of sensitive financial, business or personal information that should be kept from prying eyes. If such unauthorized access results in a breach, an enterprise can suffer massive reputational damage and find itself subject to hefty regulatory fines.

Steps for securing employees’ personal mobile devices

There are a number of steps enterprises can take to better secure their employees’ personal mobile devices, from ascertaining what devices are in use and what data they access to implementing specific safeguards with a mix of security tools and policy.
  • Use strong passwords and authentication protocols. Mobile devices should be protected with long alphanumeric passcodes. Enterprises whose BYOD participants access particularly sensitive data might want to implement biometric authentication methods as well. It’s important to remember, however, that passwords can be defeated, and as such, it’s wise to add another layer of protection in the form of device-level encryption to thwart a potential attack.
  • Determine which devices require encryption. Not all data needs to be encrypted, and not all devices work best with the same encryption tools. To assess your encryption requirements, it’s beneficial to first have a comprehensive inventory of mobile devices that access enterprise data, including smartphones, tablets and laptops. From there, determine precisely what data must be encrypted and which solutions are best for the task at hand.
  • Consider encryption across the entire data lifecycle. Enterprises often protect data in transit through virtual private networks (VPNs) and other forms of encrypted communication, but they may not always provide the same protection to data at rest on a mobile device, which is equally susceptible to breach. With this in mind, they should map out the entire data lifecycle of sensitive enterprise data and take proactive measures to secure it at every step and on every device.
  • Scrutinize applications’ storage methods. It’s a smart policy to prohibit storage of sensitive data on personal devices, but even enterprises that do may find that applications employees use to access corporate data may cache that data locally on the device to provide smoother performance. If these applications do not encrypt the data they cache, it could become vulnerable to an attack.
  • Review your company’s BYOD policy. If your BYOD policy does not explicitly reference the need for encryption, it’s wise to consider reviewing and updating it accordingly. If the business makes the decision to start encrypting data, it should clearly communicate this change in policy to BYOD program participants.

Tips for mobile security awareness training

All the enterprise-grade mobile device security in the world, while of course valuable, cannot outweigh the need for effective user awareness training. In order to defend the business against all potential threats, BYOD program participants must understand the risks inherent in mobile access to corporate data and the consequences that could arise in the event of a breach.
By explaining how encryption secures data both in transit and at rest and communicating to users how encryption can protect them and the business from the threats they face, IT teams stand a far better chance of gaining user buy-in with regard to securing their own personal devices.
With mobile devices proliferating throughout the enterprise, it’s an ideal time to pursue better employee data protection through device encryption. Enterprise mobile data is the next frontier for cybercriminals, who know how easy it can be to leverage the vulnerabilities inherent in mobile device access to corporate networks. By taking prudent security measures now and educating employees on the importance of protecting their personal devices from unauthorized access, enterprises can maximize the benefits of a robust BYOD program while minimizing its risks.
Labels:

Comments

Post a Comment

Popular posts from this blog

Disney Discovers How To 3D Print with Fabric

We have seen 3D printers produce objects from plastic and even metal. But the Magic Kingdom is living up to its name with the announcement that it has designed a 3D printer capable of printing with fabric. A group of researchers at Cornell University, Carnegie Mellon and Disney Research unveiled the invention in a paper last weekend. According to the researchers, the device is capable of forming precise, but soft and deformable 3D objects from layers of off-the-shelf fabric. Among the objects the research team produced were a fabric bunny, a Japanese doll, a touch sensor made of fabric, and a smartphone case with an embedded conductive fabric coil for wireless  power   reception. Touch-Sensitive, Wireless Power To form each object, the printer uses a single sheet of fabric to create each layer of the object. The printer cuts this sheet along the 2D contour of the layer using a laser cutter and then bonds it to previously printed layers using a heat sensitive adh...
Post a Comment
Read more

Top Link Shortening Websites to Make Money Online

While there are many ways to make money online, I believe making money by URL Shortening is one of the best for newbies. Just shorten URL, people click on it and you make money. Quite fantastic, isn’t it? Today I am going to present before you the top legit URL shortening website that you should choose to make money online. I have taken care of many factors before ranking them, like Page Rank, Alexa Rank, My Experience etc. I’ll keep on updating the list when it is needed. Before jumping to the Shorteners I would like to explain the factors on which ‘Top Legit Shorten URL and Make Money Online Sites’ list is based: Page Rank:  Page Rank is the one factor that Google uses to rank websites on their search results. Page Rank of a site can be anything between 0 and 10. Page Rank is generally given on the basis of quality of site and backlinks it has got. Alexa Rank:  Alexa Rank shows the relative popularity of website over internet. Less is the Alexa Rank, more the si...
1 comment
Read more

10 Ways To Prevent Your Mac From Being Hacked

Information protection is now scrutinized in all commercial and government industries. Theft of information has crippled many organizations and businesses. One of the main reasons information is lost, corrupt, or stolen is because many industries have not fully adopted it as a risk, and have yet to implement strong quality assurance policies and programs. Some of the most common risks are because of unattended computers, weak passwords, and poor information management practices. Hackers look for the weakest target and tunnel into a business from easy sources, like tablets or cell phones. Using smart encryption software can remediate this threat and vulnerability, making it difficult for competitors or rookie hackers to penetrate your device. However, software alone is not enough to prevent Macs from being hacked. It is the Mac user who has the authority and resources to save it from potential penetration.  The top 10 ways to prevent your Mac from being hacked  is ...
Post a Comment
Read more