How to Mitigate Risks of Agile Working with Mobile Device Management

Agile Working

Agile working is a great enabler for directors, partners and staff. Employees enjoy the flexibility of being able to work from anywhere, at any time of day. Above all, clients recognise the value of being able to engage with you on their own schedule, which makes them even more satisfied with your services. Mobile device management provides secure and compliant strategies that give your organisation a competitive advantage.

Agile working can enable your firm to drive productivity in exciting ways, and it can help differentiate your firm from the competition. To deliver these competitive advantages, a successful agile working strategy involves more than putting email on an employee’s phone.

UK organisations now rely on some form of digital communication or services. Yet, the challenge of protecting data may seem like an ever-more daunting one. Consider these three key questions:

  • What happens when devices are lost or stolen?
  • Is your firm’s data secure on these devices?
  • How do you prevent unauthorised access to data from devices?

Get it wrong and you could face ransom payments from cyber criminals, or large fines for regulatory breaches from the Solicitors Regulation Authority.

Mobile Phone Cyber Security

It is no surprise that cyber security is a high priority item on the boardroom agenda. Most organisations have been unable to mitigate the most common threats in the past year. In their recent survey about cyber security, Ipsos Mori found the average cost of a breach to a medium-sized firm to be £16,100. During the last 12 months, almost half of those surveyed had identified at least one attack.

In staggering numbers, fast-paced professionals wishing to remain connected with their firm whilst on the go are replacing their laptops with the latest mobile tablets and smartphones.

 

A Secure Environment for Mobile Devices

For most firms, the rise of flexible working has brought with it a dramatic change in priorities and annual budgets. We’ve heard several horror stories in our professional networks of breaches of employee and payroll records, leaks of case files and even theft of intellectual property. As our priorities relating to data security have changed, so too have our annual budgets. Spending on wireless and mobile telephony has typically overtaken spending on the desk-based telephone system, and its unpredictability can shock even the most seasoned Finance Directors.

When planning to implement a Mobility Strategy, your organisation must include input from all stakeholders to ensure its success. The strategy should outline the individual priorities of each department and align them with short and long-term goals. It should answer some key questions including the number and type of devices you are managing, how and why these devices are being used and what services your devices are connecting to internally.

The most successful strategies deliver three core benefits:

  1. Measurable ROI in months, not years. Whether managing the firm’s or employee-owned devices, an agile working strategy is a good opportunity to realise expenditure savings. Furthermore, employees who are encouraged to use their own mobile devices will save having to purchase often expensive alternatives. You can also easily transfer more of your data traffic onto Wi-Fi networks, thereby cutting the cost of your monthly mobile data plans.
  2. More satisfied and productive employees. Employees who have the ability to connect to the firm’s network from anywhere can take advantage of dead time, such as the twice-daily commute and time between meetings, to complete work-related tasks. Research suggests mobility strategies can increase employee productivity by as much as 23 percent.
  3. Simple and highly-secure access to client data and applications. Building a strategy helps you control and manage mobile use so employees use mobile devices more securely, for example by using pre-configured Wi-Fi networks. The monetary value of this approach cannot be overstated.

 

What sensitive information is my attacker privy to?

Most mobile phone fraud involves a variety of scams targeted at the general public. For example, these persuade you to buy phone-related products, to make phone calls/texts to premium services by accident, or to unknowingly sign up to expensive subscription services. These can be very costly to you as an individual or to your firm, and it’s important that you and your staff are aware of them all. If your mobile phone is hacked, are you aware of all the sensitive information your hacker is privy to? An attacker could:

  • Access your calendar and know when and who your meetings are with
  • Turn on the mobile device recording function to listen in on boardroom meetings, sensitive case discussions, merger/acquisition talks
  • Activate the camera to take pictures or videos
  • Read browsing activity and any user names and passwords entered into sites
  • Export contact lists with call and text history
  • Forward emails/texts sent to or from your device
  • Access phone calls and voicemails
  • Track partner/senior staff location at any time via GPRS

 

Does this sound like you?

Imagine this:

You’re early for a meeting so you go to a coffee shop to check and send a few emails for 30 minutes. You look at the available WiFi networks and identify one that has a strong signal, has a similar (or the same) name as the coffee shop, is free of charge and is open. You log on, right?

You believe you’re interacting with a known entity… like a website. This is when the breach of your mobile device happens, as you have connected to a WiFi hotspot created by an attacker. The attacker can then eavesdrop on, intercept and alter traffic between two devices.

Did you know 1 in 4 WiFi hotspots are open to attack?

Next time, you may wish to check behind the counter for the exact name of the WiFi which should be password protected.

 

Top 5 Mobile Scams to Warn Employees About

  1. Missed Call Scams

Your phone registers a missed call. You don’t recognise the number, so you call it back. Although most of the time the call will be perfectly above board, you may be redirected to a premium rate service which can cost up to £15 per call.

  2. Recorded message scams

The number you’re asked to call back may be a recorded message telling you that you’ve won a prize, and giving you another number to call to ‘claim’ it. But this second number may be a premium rate one. Also, your prize may be nothing more than a ring tone subscription – which can also be fraud!

  3. Text message scams

You’re sent a text from a number you don’t recognise, but it’ll be worded as though it’s from a friend. For instance: “Hi, it’s Peter, I’m back! When do you want to catch up?”. You call it back, thinking you’re doing them a favour by telling them they’ve got the wrong person. This results in you being charged a fortune for a premium rate call. Or you may text back and end up engaging in a lengthy SMS exchange, only to find out that you’ve been charged a high rate for your texts (and sometimes for your received texts as well).

  4. Ring tone scams

These scams might attract you with an offer of a ‘free’ or low-cost ring tone. By accepting the offer, you’re actually subscribing to a service that will keep sending you ring tones. They will also charge you a premium rate for them. There are many legitimate companies selling ring tones, but there are also fraudsters who will try to hide the true cost of taking up their offer.

  5. Phone insurance scams

If you’ve bought a new mobile phone, a fraudster may call you to sell you phone insurance. They will make out as though they are calling from the shop where you bought it from, or from your mobile phone network. At best, you end up with poor quality phone insurance or, at worst, none at all.

 

Mobile Device Management Solutions

Mobile Device Management for Bring-Your-Own-Device (BYOD)

Whether part of your employee handbook or not, elements of bring-your-own-device (BYOD) initiatives are commonplace. For example, if you use Office 365 or Google for your business email, the chances are some of your most eager employees have tried to access it from their personal devices. While unmanaged, a stolen device could represent one of the biggest threats your organisation may face. A good mobility strategy should consider mobile device management privacy.

What does Mobile Device Management do?

This software does exactly as its name implies. Firstly, you can keep track of all the mobile devices in your firm and decide which mobile apps are whitelisted and blacklisted, i.e. what can and can’t be downloaded. This enables enhanced mobile security.

Should any mobile device be reported missing or lost, you can remotely locate, lock and wipe it, protecting the integrity of the firm’s data that has accompanied the mobile device. You can manage what company data mobile devices can access and ensure you have the capability to separate the firm’s data from personal data. This is extremely useful if you are currently exercising, or plan to initiate, Bring Your Own Device (BYOD) across the organisation.

Why is Mobile Device Management Important?

When considering flexible working, a mobile device management solution is a must-have. Your chosen solution should give you visibility and a level of control over all device types, whether they’re mobile phones, tablets or laptops. Managing devices with different operating systems may sound like a minefield. However, the right solution will automatically configure devices according to your security policies, whilst ensuring that devices remain compliant before accessing your network.

Support Legacy Systems

Ensure your chosen solution provides support for legacy systems. While most solution vendors are proud to support the latest operating systems, there are many larger firms that still rely on legacy systems for various reasons. To ensure consistency of your security policies, and reduce the workload of its management and enforcement, choose a single solution that lets you uniformly manage all assets accessing your network.

Mixed Device Ownership

Users may own and use multiple mobile devices to access the firm’s data. Your solution should allow you to set up user and group-based compliance rules. That will help your bring-your-own-device strategy to succeed. If your firm has a mixed device ownership model, you might want to create separate rules for your corporate devices and those owned by your users.

Location Based Compliance

In addition to user-based rules, you should consider automatically enforcing policies based on the location of a device. For example, if you supply regulated services, you may be required to disable smartphone cameras or screenshot functions, to prevent card details from being written down or stored. Use advanced rules to enforce restrictions by location and allow full use of device features offsite to drive user adoption.

Top tips to protect employees from mobile device fraud:

  1. Set up a password on your phone or tablet including voicemail access.
  2. Never store personal details like passwords in texts or emails that are accessible.
  3. Ensure a company policy states all staff must inform a senior partner immediately should they be unable to locate any mobile device. Inform suppliers immediately, unless you have MDM software – as they can blacklist and deactivate it remotely. Ensure staff change all passwords for online accounts accessed through the device immediately (e.g. online banking).
  4. If you visit a website through your mobile or tablet and the URL looks suspicious, close it down straight away.
  5. Don’t respond to a missed call or a text requesting a response if it comes from a number you don’t recognise.
  6. Ensure you get indemnity certificates on every device when disposing of your mobile devices. This will provide assurance that they have been wiped. It can also provide protection of a large sum of money should your firm’s mobile devices fall into the wrong hands.
  7. Be extra vigilant when you have an upgrade due or your contract is near its end. This is a key time for fraudsters to target your mobile phone account with fake contract and insurance deals.

 

Mobile Device Management Policy

Mobile phone security policies are imperative in your workplace. As a firm, you are continually coming under greater pressure to make more profit. Partners and staff are being measured in greater detail to deliver profits in their department and maximise billable hours, so they will look at all resources available. Management and staff will start to take matters into their own hands to help them do their jobs more efficiently.

Findings from a Forrester Employee Survey discovered:
  • 16% of employees admitted they would install unsupported software
  • 22% would use a website or Internet-based service that their company doesn’t support
  • 35% would buy something with their own money if it helped them achieve targets

In addition to the requirements of your own agreements, there are many regulatory frameworks across the United Kingdom which mandate operational policies & processes. For instance, depending on the size of your firm, you may already have appointed employees responsible for certain obligations, such as a Data Protection Officer with GDPR… usually the COLP. When planning a flexible working strategy, it is important to engage with and collect feedback from key stakeholders across the firm. This ensures your mobility strategy adheres to all requirements.

Example Policies

| Relevant Body | Sample Policy |
| --- | --- |
| Information Commissioner’s Office | Selectively wipe all corporate data in the event that a device is lost or stolen to mitigate personal data or a data security breach. |
| Financial Conduct Authority | Set application whitelists to prevent unrecordable communications (FaceTime, WhatsApp etc) on corporate-owned devices for MiFID II. |
| Care Quality Commission | Grant access to patient records within an encrypted container to prevent data leaks from copy/paste, screenshots or email forwarding. |
| Solicitors Regulation Authority | Access corporate intranet and file repositories without initiating a VPN session and enforce the use of a secure, proprietary browser. |
| Cyber Essentials Plus | Set rules to automatically download and install security patches within 14 days. Restrict network access to jailbroken or rooted devices. |
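
The compliance rules described above (separate rules for corporate and user-owned devices, location-based restrictions, the 14-day patch window, blocking jailbroken or rooted devices, and selective wipe on loss) can be modelled per device as follows. This is an added, vendor-neutral example, not code from the article or the API of any MDM product; the `Device` fields, app names, dates and action strings are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

PATCH_WINDOW_DAYS = 14                       # "within 14 days" (Cyber Essentials Plus row)
CORPORATE_APP_ALLOWLIST = {"Mail", "Teams"}  # constructed allowlist for corporate devices

@dataclass
class Device:                                # all fields are assumptions for this example
    name: str
    ownership: str                           # "corporate" or "byod"
    rooted: bool                             # jailbroken or rooted
    oldest_pending_patch: Optional[date]     # release date of oldest uninstalled patch
    onsite: bool                             # inside a regulated location
    apps: frozenset
    reported_lost: bool = False

def evaluate(dev: Device, today: date):
    """Return (network_access_allowed, list_of_actions) for one device."""
    allowed, actions = True, []
    if dev.reported_lost:
        # Lost or stolen: remove firm data only, leaving personal data alone.
        return False, ["selective wipe of corporate data", "lock device"]
    if dev.rooted:
        allowed = False
        actions.append("block network access: jailbroken or rooted")
    if dev.oldest_pending_patch is not None:
        age = (today - dev.oldest_pending_patch).days
        if age > PATCH_WINDOW_DAYS:
            allowed = False
            actions.append(f"block network access: patch overdue by {age - PATCH_WINDOW_DAYS} days")
    if dev.ownership == "corporate":         # separate rule set for firm-owned devices
        extra = sorted(dev.apps - CORPORATE_APP_ALLOWLIST)
        if extra:
            actions.append("remove non-allowlisted apps: " + ", ".join(extra))
    if dev.onsite:                           # location-based rule, lifted offsite
        actions.append("disable camera and screenshots")
    return allowed, actions

TODAY = date(2024, 3, 20)                    # constructed evaluation date
FLEET = [                                    # constructed sample devices
    Device("corp-phone", "corporate", False, date(2024, 3, 1), True, frozenset({"Mail", "WhatsApp"})),
    Device("byod-tablet", "byod", False, None, False, frozenset({"WhatsApp"})),
    Device("byod-phone", "byod", True, date(2024, 3, 15), False, frozenset()),
    Device("lost-laptop", "corporate", False, None, False, frozenset({"Mail"}), reported_lost=True),
]

if __name__ == "__main__":
    for d in FLEET:
        print(d.name, evaluate(d, TODAY))
```

The same WhatsApp install is flagged on the corporate phone but left alone on the user-owned tablet, which is the practical effect of keeping separate rule sets for each ownership model.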

 

Personal information and your mobile phone

Analysts at Gartner have predicted that by the end of 2019, one-third of reported malware will come from mobile devices. For flexible workers using mobile devices that access your network, the biggest risks come from malicious software and content-based attacks (such as viruses hidden within Excel spreadsheets). At a minimum, the most effective way to mitigate these risks is to ensure all applications are regularly updated and an anti-malware product is installed on devices where necessary. However, we highly recommend that you choose a solution that follows the GCHQ’s twelve principles for securing devices and most importantly will:

  • Detect devices that have been jailbroken or rooted
  • Alert users when malware is detected
  • Uninstall infected applications or wipe devices
  • Block ransomware apps that take control of devices

 

About Matrix247 Mobile Device Management

Across all industries, thousands of organisations trust IBM MaaS360® with Watson™ as the foundation for their digital transformation. It’s no surprise, because it’s the industry’s first and only cognitive unified endpoint management (UEM) platform, delivering AI, contextual analytics and strong security controls across users and devices. Delivered from a best-in-class IBM Cloud on a trusted platform, MaaS360 helps to manage mobile security for a wide variety of devices. It helps users integrate with solutions from Apple, Android, Google, Microsoft and other suppliers of management tools. IBM works with these suppliers to provide integration and to ensure that integration can occur as soon as new tools are available.

 

Complimentary Professional Risk Assessment Review

Matrix247 will forward to your organisation a FREE comprehensive report which will identify all the potential risks across existing telecoms and mobile devices within your own organisation.

We will identify all existing threats and whether the risk to your firm is high or low, based upon consequences and who would be affected. We will also look at what existing equipment and software you currently own that can be leveraged to assist in backing up. If there are specific solutions or advice we can share to remedy high-risk threats, we will also include these.

 

About Matrix247

Established in 1991, award-winning Matrix247 has the expertise and experience to deliver compliant communications, including telecoms, connectivity, video conferencing, mobile communications and cyber security solutions, to North West organisations. We also implement data networks for multi-location firms and enable remote working for employees, fee earners, partners and barristers. We are Manchester Law Society’s preferred telecommunications supplier.

We look to align your business strategy with a shared communication vision. Our goal is to ensure your customers and staff receive a communication experience that exceeds expectation, while keeping on-going costs to a minimum!

We are in the business of maximising conversion ratios of inbound enquiries to client meetings by providing management information on all types of inbound multi-media communications ensuring existing money spent by firms on marketing is optimised and enables the greatest return for the organisation and clients.

 

To learn more about our mobile cyber security consultancy and corporate mobility project management, or to start a 30-day free trial, visit www.matrix247.com or contact us by calling 0345 362 0 247 or email hello@matrix247.com
