Posted by: David Scott
computer virus, device security, malware, mobile access, mobile apps, mobile device, mobile efficiency, mobile readiness, mobile risk, mobile security, mobile workforce, remote access, security training, small and medium business, SMB
Small and Medium Business (SMB) can really benefit from mobile readiness. Beyond the obvious reasons (the idea of “readiness” and a paired security posture hardly needs to be sold), the SMB market can capture and leverage a whole population of assets that essentially have no overhead. No TCO, no appreciable Time to Value (TtV); they’re here now, in that they’re often owned and maintained by people as personal assets: Things such as smartphones and laptops.
Of course, often enough these devices are provided by SMB too, as tools of any particular job; but there does exist a ready population that can be exploited – and that must be protected.
Whatever devices (and associated users) desire to access your data, systems, and tools – you must take inventory and qualify access before you greenlight it. Assess whether a particular user really needs remote access – is it going to be an efficient enhancement to work? Will it be productive? Does supervision agree that access is desirable? Is a strong case being made?
Then the risks can be weighed against the benefits – and there are always risks. Mobile devices will harbor sensitive data – and that data can easily be lost. Also, mobile devices transmit updated data back into your central repositories – on your network: filestores that represent the content feeding your mission critical applications. Things such as the organization’s sensitive financial information; customer databases and records, sensitive correspondence – you name it. You must ensure sourced mobile data is healthy, accurate, and whole.
Mobile devices also represent a portal through which malware may enter the organization. Therefore, an entire regime of recurring user education is necessary, and a standard schedule for review of devices for compliances and updated protections for malware, etc., is absolutely essential.
When devices are lost, it is imperative that users alert IT – lost devices can allow unauthorized access to the network; IT must immediately bar a device’s ability to access upon loss. And while on that subject, beware devices that have unsecured remote access – that is, no password or stored password, allowing the “greased entry” upon a simple switch-on of the device.
Let’s keep rolling on this…
NP: The “In” Crowd – The Ramsey Lewis Trio, jazz24.org.