How to pragmatically embrace mobility in response to a remote workforce
The Coronavirus has impacted businesses and employees in a myriad of ways, and one common thread is the sudden need for employees to work remotely. Because of this, organizations may want to rush into adopting a BYOD program so that employees can work more effectively from home. But without the appropriate controls, they may be unintentionally introducing new risks to their organization.
Allowing employees to work productively from any device and any location is a good idea regardless of situations like the novel coronavirus. However, keep in mind the shared nature of a mobile device. When your employees work from personal devices, and are accessing corporate data, the health of the device must be taken into account, and it must be assessed for compliance with corporate security and risk policies.
Your employees are probably using their mobile devices to access social media or other sensitive sites, and some employees frequently hand this device to their children to distract them. Kids are smarter than you think when it comes to downloading and installing applications onto these devices, some of which could be unauthorized or unsafe.
If your employees are empowered to use their mobile devices for work, you want to make sure those devices are not running outdated and vulnerable operating systems or apps, and that unauthorized software is not installed, as these can put the security of the device – and more importantly, corporate data – at risk.
The most popular cloud services tend to have integrated security controls, such as G Suite and Office 365. A cloud Identity and Access Management solution is another key control for enabling a remote workforce, as it can enforce who can log in from where, and with what level of security.
It is a good idea for companies to set a baseline of security expectations for devices that access corporate data. For example:
- Should personal mobile devices be allowed to access corporate data? Or only company-issued ones?
- What operating systems should be allowed to access corporate data? What are the minimum operating system versions required?
- What minimum security controls should be in place (e.g., passcode is set, encryption is enabled, device is free from malware)?
From my conversations with Lookout enterprise customers, there are many forward-looking organizations that have been adopting an “any screen” policy. Such a policy enables almost any work-related task to be completed from a laptop, tablet or mobile device – as long as it is compliant with its corporate policies. The motivation for this policy is generally to increase productivity, but we’re now seeing the business continuity benefits as organizations respond to the novel coronavirus.
Robust and mature organizations have business continuity plans in place, from natural disasters to pandemics. The challenging thing about COVID-19 is that it is affecting every location in a global organization at once. Normally you plan for what happens if one site is impacted, but this is a very unique situation that impacts all locations equally. This is stretching the limits of many organization’s business continuity processes. If there is anything we can do to help support your business, please don’t hesitate to contact us.