By Colm Healy, From Corrata
In the early years of the last decade, it became normal for employees to have access to the internet from their desktops. Companies recognised the productivity benefits that the internet offered, but were conscious of the risks of granting unbridled access. They could foresee situations in which unrestricted internet access could be used to create a hostile work environment, to cause security threats, to affect the company’s reputation and ultimately, do more harm to productivity than help. To combat this, employees were asked to comply with Acceptable Use Policies (AUPs), which are now commonplace in most cyber security and compliance-aware organisations.
Today, many employees access the internet not through desktops, but through mobile devices. However, the information security infrastructure has not evolved to fully address this. While most organisations have systems in place to control security settings on these devices, few have extended web security and content filtering solutions to them. The risks associated with this neglect are substantial – now is the time for organisations to remedy this gap. In this post we explain some of the reasons that implementing web security solutions for mobile should be an urgent priority.
Cyber Threat Prevention
Without content filtering, mobile devices have access to pretty much everything on the internet – including content which would compromise the security of your organization’s data. Phishing and malware download sites, command and control servers and botnets are obvious dangers. Moral policing isn’t the agenda; security and risk prevention is. It’s been relatively simple to block access to malicious content on corporate desktops/laptops, but a highly-portable mobile device presents a different problem. Unbeknownst to employers, an employee’s phone can connect to a variety of networks, access content that jeopardises the security of their network, fall victim to phishing and worse. There are numerous variables with just one employee’s mobile device use. When this risk is applied across the entire workforce, the potential for disaster increases with every single mobile device that has access to any company data. The device doesn’t have to connect to the workplace’s network. An employee having, for example, access to a work-related email on their phone can be detrimental if there are no security measures that protect that corporate data. Through mobile content filtering, companies can greatly reduce the possibility of a security breach.
Mitigating legal and reputational risks
Companies have been, and continue to be, held liable for their employees’ actions. Extending web security to mobile can help prevent sexual harassment, copyright infringement, corporate bullying and more. For example, if an employee is viewing sexually explicit content at an off-site work event, this can contribute to a hostile work environment. Gambling and other adult websites are more likely to use unencrypted technologies that are easily exploitable, so they’re more likely to leak personal and company data. So it’s not prudery or moral policing that’s at play when restricting access to inappropriate content. It is simply for the safety and well-being of employees, as well as the security of the company. There is a legal obligation to ensure that employees are not subjected to an intimidating, hostile or otherwise offensive workplace. This means restricting access to content that displays or promotes violence, hate speech, pornography, and any other such NSFW content, as it can contribute to a negative working environment. This approach not only improves employee wellbeing, it greatly reduces the risk of litigation. Furthermore, content restriction can indirectly discourage white collar crime and corruption. The Broken Windows Theory asserts that when basic rules are properly enforced, the overall level of rule breaking is reduced. If companies reduce the number of low-level content violations, it can lead to a more ethical corporate culture.
Elimination of Shadow IT & Data Loss Prevention
Shadow IT refers to IT systems and solutions used for work without organisational approval, e.g. online file sharing platforms such as Google Drive. Shadow IT takes potentially sensitive corporate data and moves it outside of the protection of the company’s IT system. This increases the risk of data leaks and theft. Combined with mobile device usage, Shadow IT is exceptionally difficult to track and eliminate. By definition, mobile devices are highly portable and can be used to connect to various, potentially dangerous networks. Without a web security solution for mobile devices, it’s nearly impossible to determine which apps were used, which websites were accessed and which services were used for work-related purposes. Employees are sometimes unaware of the risk. It isn’t uncommon for employees to store business-related files on personal file-storing services, which means that if their personal account is breached, corporate data has been compromised. The problem is compounded when businesses can’t tell if a breach occurred. Breaches are bad, but being unaware of the breach is even worse. Often, the employee is not intentionally acting maliciously. Usually, they’re simply trying to work as efficiently as possible, unaware of the possible consequences of their actions.
Productivity and Safety
Mobile devices present a challenge in that users can access the internet, apps and games at any time/place. They are ‘distraction engines.’ From a work perspective, this has two potential impacts. The first is that devices can become a productivity drain. An OfficeTools survey suggests that 5 hours a week are lost to non-work-related mobile device usage. The second impact is potentially more serious – in high-risk environments such as factories or building sites, mobile devices can compromise safety. Restricting access to recreational mobile services can positively influence workplace productivity and employee health and safety. In this instance, the argument for mobile content filtering is an obvious one.
Corrata makes it easy for organizations to extend web security to mobile devices. With the Corrata app installed on iOS and Android devices, usage can be aligned with corporate security and acceptable use policies. All internet usage is filtered on the device itself, so Corrata doesn’t monitor employee internet traffic. This means our solution is fully GDPR-compliant.
Come and meet the team at ECS UK 2018 at Stand 24