For executives overseeing a mobile workforce, enterprise grade security – for both Android and iOS devices – is essential. Without the resources to identify and isolate leaky apps and avoidable risks, a company can quickly lose control of confidential information.
As business leaders, CEOs have a responsibility to make these safeguards a priority; they have a duty to invest in the right resources to gather mobile forensic, system, network, security and sensor data from smartphones and tablets. They need real-time analytics to detect suspicious behavior or potential threats to personal or corporate data.
These needs go well beyond what's offered by conventional mobile security products, which usually just check for malicious apps. But they are necessary for transforming a mobile culture into a fully mobilized workforce, as they provide a shield against a hostile environment, where sensitive data is often easily exposed and popular apps are vulnerable to attacks.
I write these words as a technophile, and as someone who views mobile communications as a case study in business leadership, innovation and the swift adaptability to rapid change. I am also an executive – a mobile one, since I work remotely (approximately 3,000 miles east of company headquarters) – and use a variety of Android devices.
We no longer have conventional schedules, nor do we all commute to a corporate campus. Our satellite office may be an airline seat, a Wi-Fi hotspot, a hotel room, a convention center, a coffee bar or a makeshift space in an apartment, townhouse or private residence. We are, in a word, mobile.
The task for executives is to accept this reality and invest more aggressively in securing data in the BYOD workplace. This requires a broader understanding of the threats we face, the way apps may worsen that situation and the solutions available to us.
How to Respond to These Risks: Principles of Leadership
In a way, these issues transcend technology; they are, instead, rules about leadership and crisis management. And if one thing is certain about a CEO's role, it is that the office is command central for handling unexpected events and responding to a variety of challenges. This presentation by Chicago-based mobile security company viaForensics (“Assume a Hostile Environment: Securing Mobile Data in the App”) offers an excellent primer for executives about the threats facing BYOD workplaces and what can be done to mitigate those threats.
By assuming a hostile environment exists, companies can strengthen security where critical business data often resides – in the app. But too often, app developers are failing to put proper security measures in place during the development cycle. A recent viaForensics study found that 60% of apps offered through official channels like Google Play and Apple's App Store have serious security flaws. These can include not encrypting stored data, not using SSL connections, and leaking sensitive data to the device log.
Whether your company is creating their own custom enterprise apps or relying on third party apps, you need to make sure they are properly secured or they could act as a gateway to data breaches that could expose your organization's financial information and other sensitive materials. Business leaders must realize whatever information their employees can access from their tablet or smart phone is also potentially accessible to attackers. Last year, the average cost of remediating a data breach was $8.3 million, a figure projected to rise 10% over the next two years.
Does this mean every CEO must be conversant in coding and app development? The answer is no, but the solution to this potential crisis rests with retaining experts who are supremely fluent in this language of mobile technology.
Beyond using secure apps, creating a secure BYOD workplace demands visibility. Your workforce's mobile devices and apps should be proactively monitored to make sure they are updated with the latest operating systems and versions. Your IT experts need to know how sensitive information is being stored and accessed, and where it is being sent. They need to be able look for patterns of behavior and anomalies that may indicate suspicious activity.
A CEO does not have to take on this assignment alone, but as a responsible corporate leader, he or she must prove their leadership value by working to mitigate the risks presented by a hostile mobile environment.
—
Michael D. Shaw is a columnist, biochemist and protégée of the late Willard Libby, the 1960 winner of the Nobel Prize in Chemistry. He writes about a variety of subjects including wellness, health care, and business leadership.