Mobile security: 7 innovative tactics to engage your employees in 2018
As mobile device use increases, so too does the threat of a mobile security breach. Already, two out of every 10 companies have experienced a mobile cyberattack and a full 94 percent of companies expect the frequency of mobile attacks to continue rising, according to Dimensional Research.
The most recent 2017 security breaches prove that the damage from a breach can be costly to both your organization’s reputation and its bottom line. However, avoiding a mobile security breach isn’t just about having a secure infrastructure or strong authentication methods. According to the Harvard Business Review, 60 percent of cyberattacks are carried out by insiders, so getting your employees to take mobile security seriously — and knowing the potential weakest links — is crucial.
Here are seven tactics you may not have considered that you can use to help employees take mobile device security more seriously:
1. Get employees to comply through gamification
Phishing attacks are a common source of security breaches, but training employees to be aware and avoid falling prey to phishing can be challenging. Gamifying the educational process around mobile security policy compliance can be an effective way to raise awareness and compliance.
Gamification works by both rewarding employees for complying with security policies as well as punishing them when they break them. For example, you can send out fake “phishing” emails to test how well employees are complying with company policy. Using scoreboards, you can award or subtract points based on whether they respond appropriately and hand out prizes to those with the most points.
2. Use AI to better understand employee behavior
AI can be used to identify where employees are deviating from your security policies. By analyzing data, you can identify not only broad violations of security policy, but you can also see who is — and is not — not complying with it. Then, you can take corrective action with specific individuals or identify policies that a large number of employees are ignoring and work to improve compliance.
3. Know your employees
It’s impossible in a large organization to truly “know” every individual employee, but you should have an understanding of what each role within the company does, what level of access that role should have, and the general types of behaviors you should expect from them. When you know your people at this level, it will be much easier to see when there is behavior occurring that doesn’t match the security expectations for a certain role or user group.
4. Containerize your data
In a BYOD world, keeping work and personal data separate has long been a challenge. One way to better secure your data is to use a mobile containerization solution. This allows you to essentially “lock” away and control critical business data and applications while protecting the privacy and personal data of your employees.
5. Use biometric authentication methods
Employees are notoriously bad at using secure passwords. Many reuse the same password across multiple applications and devices or share passwords with others. But more mobile devices now allow for biometric authentication, through either fingerprinting or iris scanning. Biometric authentication not only relieves employees from having to remember a complicated password, it’s also much more difficult to hack.
6. Deploy a mobile VPN
You may already have a VPN service for traditional desktop access for employees that work remotely; however, it’s equally — if not more — important that you extend your VPN service to employees’ mobile devices. With employees using their mobile devices to work from almost anywhere, such as the coffee shop, airport or at home, ensuring that they have a safe way to connect to unsecured Wi-Fi networks is essential.
7. Improve your communication
This tip may seem obvious, but the reality is that most companies don’t go far enough in communicating and educating employees about security threats, or about their role in protecting the company. Try holding monthly or quarterly mobile security educational meetings or webinars, or sending out weekly email communications to keep security issues top of mind.
Mobile security threats will only continue to grow in 2018 (and beyond) as hackers turn more of their attention to mobile devices. To protect your business, you need everyone involved, especially your most vulnerable target: your employees.