Where to start with security? People or devices?
By Rob Hale, Head of IT & Cyber Security Practice, O2
Here’s a question I’m hearing a lot: how can I keep my organisation secure without enforcing drastic restrictions on remote workers and their devices? And here’s another question I hear almost as often: how real, and how serious, is the security threat to mobile devices? To answer, we need to look at two ways today’s cybercriminals are targeting remote workers. I can also show how you can mitigate risks without compromising the freedom, choice and flexibility your people demand.
Keep ransomware out
Ransomware is malicious code that installs itself on a device then demands payment to unlock or remove it – often holding the user’s files hostage as leverage. But when you’re trying to transform your organisation and encourage your people to be productive anywhere, you want to increase their opportunities to connect to the corporate network. Public wifi hotspots are high-risk when it comes to the threat of ransomware infecting mobile devices – I’ve read estimates that 30-40% of people have connected to malicious wifi. At O2 we provide both wifi and mobile networks, so it’s important for us to focus on trying to keep your data secure whether it’s travelling across cellular or wifi connections, transitioning between the two when required. It’s important that you can be confident in your wifi connections: having your people choose and connect to a network you have no control over or visibility of is a risk, so providing access to a trusted network like O2 WiFi wherever they are is very important. The connectivity is invisible to the end user, who simply gets the data access they need and the effortless user experience that matters to them.
Detect dodgy apps
Today, IT gets so much pushback from people who want to choose their own apps that they’re often forced to give in to the pressure. Even the traditional ‘blacklist/whitelist’ approach is increasingly unworkable as cybercriminals get smarter. Risk indicators for malicious apps include the app’s category – because a cybercriminal wants as many downloads as possible, and is more likely to get them from a cool new game or from popular productivity tools like spreadsheets, travel or expenses apps. I’ve even seen a scarily well-executed fake app that claimed to belong to a ‘big brand’ company with a huge business customer base. Worryingly, those customers were invited to enter their bankcard details into the fake app, which they were all too willing to do.
How to balance risk and reward
If you start by allowing people to download any app, within reason, then you can monitor the data the app wants to access and take action against anything suspicious, such as a spreadsheet suddenly requesting access to a camera or microphone for no good reason.
You can also spot potential threats by identifying where the app was created, and if it shares its origins with other suspect apps.
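To make those two checks concrete, here is an added example (not O2's code or any product's logic) that flags sensitive permissions an app's category does not explain, notes when they first appear in an update, and flags a signer shared with an app already marked suspect. The category baseline, app names and signer IDs are all constructed assumptions, and the permission names are modelled on Android's.

```python
from dataclasses import dataclass

# Assumed baseline: sensitive permissions each app category plausibly needs.
CATEGORY_BASELINE = {
    "spreadsheet": set(),
    "expenses": {"CAMERA"},              # photographing receipts
    "travel": {"ACCESS_FINE_LOCATION"},
}
SENSITIVE = {"CAMERA", "RECORD_AUDIO", "READ_CONTACTS", "ACCESS_FINE_LOCATION"}

@dataclass(frozen=True)
class AppRecord:
    name: str
    category: str
    signer: str                        # placeholder for a signing-certificate ID
    permissions: frozenset
    previous: frozenset = frozenset()  # permissions of the prior version, if any

def assess(app, suspect_signers):
    """Return findings for one app; an empty list means nothing to review."""
    findings = []
    # Unknown categories get an empty baseline, so every sensitive permission is flagged.
    baseline = CATEGORY_BASELINE.get(app.category, set())
    is_update = bool(app.previous)
    for perm in sorted((app.permissions & SENSITIVE) - baseline):
        note = f"{perm} not expected for category '{app.category}'"
        if is_update and perm not in app.previous:
            note += " (newly requested in this version)"
        findings.append(note)
    if app.signer in suspect_signers:
        findings.append("signer also used by an app already marked suspect")
    return findings

def review(inventory, suspect_signers):
    """Map app name -> findings, for apps with at least one finding."""
    results = {app.name: assess(app, suspect_signers) for app in inventory}
    return {name: f for name, f in results.items() if f}

# Constructed inventory; none of these apps or signer IDs are real.
INVENTORY = [
    AppRecord("SheetsLite", "spreadsheet", "signer-A",
              frozenset({"INTERNET", "CAMERA", "RECORD_AUDIO"}), frozenset({"INTERNET"})),
    AppRecord("ReceiptSnap", "expenses", "signer-B", frozenset({"INTERNET", "CAMERA"})),
    AppRecord("TripPlanner", "travel", "signer-X", frozenset({"ACCESS_FINE_LOCATION"})),
]
SUSPECT_SIGNERS = {"signer-X"}

if __name__ == "__main__":
    for name, findings in review(INVENTORY, SUSPECT_SIGNERS).items():
        print(name, "->", "; ".join(findings))
```

The expenses app passes because a camera fits its category, while the spreadsheet is flagged for the same permission.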
A service like O2 secure mobility combines both mobile device management (controlling which apps can and can’t be installed and applying device security policy) and mobile security (checking that the behaviour of apps and the phone is OK). Plus it saves you the unfeasible potential cost of micromanaging mobile app access privileges in-house across a fast-growing fleet of devices. And it’s a great way to make sure your people enjoy the right balance of freedom, great user experiences, and security.
To learn more about how to keep your organisation secure, contact me.