A chain is only as strong as its weakest link. If that chain is cyber security, the name of its weakest point is mobile device endpoints. A whopping 47 percent of cyber security professionals noted a moderate to significant rise in mobile device threats targeting smartphones and tablets since 2016, according to Crowd Research Partners’ 2017 Cybersecurity Trends Report.
The report also revealed that the primary areas of concern in mobile security involve data leakage, user-downloaded unsafe apps, and malware. To combat these threats, executives have implemented policies for remote wiping, device encryption, and data removal/disposal at employee separation.
These measures are important because data must be protected, threats must be detected and prevented, and regulatory requirements must be met. Candidates for executive positions who have received online executive MBA degrees are familiar with the current state of cyber security and have the leadership experience necessary to implement effective mobile security measures.
The COBO, COPE, and CYOD Approaches
Due to the unprecedented proliferation of mobile devices in our society, businesses have been forced to regulate their use in the workplace. However, the answer isn’t as simple as disallowing mobile devices at work.
Many companies have fully embraced the collaborative and/or communicative mobile applications in day-to-day operation. This can be risky; as the Cybersecurity Trends Report highlights, mobile devices are now the primary targets for cyber criminals.
The strategy many IT departments are using to combat this threat is called Mobile Device Management (MDM), which refers to the measures business executives and IT departments take to ensure that employees can use smartphones and tablets for work without compromising the company’s security. Several approaches have been used to this effect, according to tech journalist Jen A. Miller in her CIO.com article, “Mobile Device Management Has Become Alphabet Soup.”
Some of Miller’s suggested approaches include:
• Corporate-Owned, Business Only (COBO) – This model was the first major MDM approach by corporate America. Back in the mid-2000s, business people everywhere had a Blackberry smartphone in their hands. Their companies would issue them the phone with the stipulation that it was not to be used for any personal reasons. Most modern companies have since abandoned this approach as impractical, because employees consistently used their device for personal reasons regardless of their company’s usage policies.
• Corporate-Owned, Personally Enabled (COPE) – Because COBO devices were inevitably used for personal purposes, regardless of the rules governing their use, many companies began issuing smartphones that their employees could use for personal reasons, with certain restrictions. Current guidelines, for instance, block apps that could endanger company data.
• Choose Your Own Device (CYOD) – Some companies offer a choice of phone models for their employees. With both CYOD and COPE devices, however, the company maintains the phone (remotely in a lot of cases), even while it’s in the employee’s possession. In practice, many employees began bringing their own devices into work anyway, not liking the prospect of company control of their personal device.
BYOD and BYOD 2.0 – The Securing Personal Freedom Challenge
At first, when smartphone technology was just beginning to take off, the idea of Bringing Your Own Device (BYOD) was terrifying for IT departments. Executives worried that having no control over the employees’ phones would introduce an unmanageable element to their company’s cyber security. And at the time, they were right.
However, recent advancements in the security of apps, business networks, cloud account access, and business email accounts have made BYOD devices popular again. Additionally, since employees often want the latest, cutting-edge technology, BYOD devices are often the newest models and are regularly updated by their owners.
Today, a new version of BYOD is gaining popularity. The introduction of MDM software has made BYOD 2.0 a reality. Employees still use their own devices, but software must be installed on employees’ phones if they wish to use them in the workplace. IT departments can then use the software to monitor and track applications.
“Businesses can also set limits on what software and files can be accessed by certain individuals, ensuring that data is only available to the relevant members of staff,” says tech blog writer Barclay Ballard in his Betanews.com article, “What You Need to Know About BYOD.”
“Devices can be remotely locked, sensitive company information can be erased and rogue applications can be easily removed,” he writes. “MDM combines employee freedom with corporate security, which is why it is becoming increasingly popular with businesses employing a BYOD policy.”
Deciding which method to use is a difficult task for executives, especially CISOs (Chief Information Security Officers). In its “Best Practices to Make BYOD, CYOD and COPE Simple and Secure” blog post, Citrix.com illustrates the guiding principles necessary for an MDM strategy to be successful:
• Employees must be able to choose devices that fit their needs and improve productivity, collaboration, and mobility.
• Sensitive company information on mobile devices, or in the cloud accessible from mobile devices, must be secure from loss and theft while maintaining employee privacy. For example, a company with access to its employees’ phones shouldn’t be peeking into their private social network accounts.
• Costs should be kept as reasonable as possible while not sacrificing security.
• Managing devices, securing data, and monitoring apps should be as simple, efficient, and effective as possible for the IT department. The more complex the system, the more likely overworked IT personnel are to miss potential security issues.
Washington State University’s EMBA Degree Program
Washington State University’s Carson College of Business offers an online Executive MBA program that aims to provide students with the knowledge, skills, and training to rise to the top of their industry as strong, influential business leaders. Because cyber security has become a primary area of concern in today’s corporate environment, EMBA students are exposed to the types of IT decisions they could encounter as executives.
WSU’s online coursework includes managerial leadership and productivity, organizational design, and management of innovation. Contact Washington State for more information.
• Cybersecurity Trends 2017 Spotlight Report (Free Registration Required) – http://crowdresearchpartners.com/portfolio/cybersecurity-trends-report/
• Mobile Device Management Has Become Alphabet Soup – https://www.cio.com/article/2988159/byod/mobile-device-management-has-become-alphabet-soup.html
• What You Need To Know About BYOD – https://betanews.com/2016/10/25/bring-your-own-device-breakdown/
• Best Practices To Make BYOD, CYOD and COPE Simple And Secure – https://www.citrix.com/products/xenmobile/byod-best-practices.html