Mobile workers need protecting, so does your network

The rise in BYOD (bring your own device) has meant a sharp increase in the number of devices connecting to the corporate network.

Employee-owned devices can and probably will leak corporate data. A strategy must be in place to deal with lost or stolen devices with sensitive data that cannot be remotely wiped, malware infections, and sensitive data that’s too easily sent to unauthorised third parties.

Good secure access to an organisation’s apps from a mobile is more than putting a firewall in place. So how does an organisation create and enforce a proper network security strategy that allows access from mobile devices.

Securing the network with IT governance

The challenge of secure networks to cope with mobile access is not intractable but will necessitate a lot of thinking. It will also need an IT governance plan of action. Any decent network security strategy must include device discovery and impact assessment as well as base conditions for acceptable use.

Most wireless network and access control products have device discovery features that IT can use to detect mobile devices. Devices that fall into certain categories can be directed to mobile device management enrolment portals. The rest can be blocked until administrators can investigate further.

Deciding on which devices are blocked versus those that can be enrolled should be done in consultation with business units to define application and data requirements and ascertain the related risks and security competences.

Carrying out such assessments should lead to the creation of documented mobile device benchmarks that any device must pass to be approved. At a minimum, the conditions should include support for remote wipe, passcode-based device access control and hardware encryption.

A well-thought-out strategy for network security when it comes to mobile devices should decrease the risk from lost or stolen phones, tablets and laptops. Some parts of the business may want stricter requirements such as two-factor authentication, or stronger encryption.

After establishing the standards that mobile devices should adhere to, IT should also create and maintain lists of those devices it will support as well as those it considers too disruptive to do so.

User education

As a single data breach can cost more than the cost of training staff, education users on the best practices when it comes to mobile security is a good strategy to defend your network and an effective preventative measure.

Putting the emphasis on the effects of mobile device misuse, loss or theft will give employees a greater motivation to obey corporate policy. But users need to know the specifics.

Users should know what the proper procedures are for storing and transporting their devices. This can be as simple as instructing them not to leave devices unattended in public locations.

They should also be aware that security policies can be broken by copying sensitive data (such as staff details and corporate intellectual property) to unencrypted device storage can have severe ramifications for the user.

Users should also know what the procedures are for changing or setting passwords for mobile devices, in accordance with an organisation’s existing password policy.

Making sure that employees have a good grounding on an enterprise’s network security policy will help a lot in decreasing security breaches.

After strategy come enforcement

The essential part of any network security strategy when it comes to mobile access in enforcement. If any policies that are created as a result of your strategy are unenforceable, it will be essentially worthless. It is crucial that when developing a network security mobile access policy that it should be easy to configure, deploy and enforce.