Rethinking mobile security in a post-COVID workplace


In the world of enterprise mobile security, sometimes horrible situations force security corner-cutting to preserve the company. And COVID-19 forcing companies to empty office buildings and move everything (and everyone) to remote locations and the cloud in March 2020 is the classic example. What led to the security shortcuts was not just the abrupt change to work from home, but the fact that companies typically had to make the transition in a few days.

Add to that increased problems with IoT security — especially as IoT devices in home environments accessed global systems via VPNs, sometimes spreading malware through the pipeline — and you have a mess. A recent Verizon mobile security report put it bluntly: “Almost half of respondents admitted that their company had knowingly cut corners on mobile device security. That’s an increase from our 2020 report when the figure was 46%. The proportion rises to two-thirds [67%] in our IoT sample. And of those remaining, 38% (27% IoT) came under pressure to do so. Another way of looking at this is that 68% came under pressure to cut corners and 72% of those succumbed.”

A quick note to put those numbers in context: It’s a survey. How many security executives knew that they had cut corners, but were scared to admit it in writing? Security pros know better than anyone how easily data can leak. So  the reality is likely even worse than the Verizon data suggest.

There is a more frightening issue: as I sit here some 13 months after this happened, far too many holes have yet to be plugged. CISOs and IT teams have been so insanely busy (and understaffed) just trying to keep operations up and to not create any new security holes that they haven’t had the opportunity to fix old vulnerabilities.

This means that C-suite leaders — the CFOs, COOs and CEOs — need to budget and insist on fixes happening.

In the meantime, here are some easy repairs to start to reduce your COVID-related risks:

Copyright © 2021 IDG Communications, Inc.



Source link