It seems as if with every passing day, the technology surrounding us evolves exponentially. And that’s because it is. From Apple’s Vision Pro to Quantum Computers, there is no shortage of technological capability. Although, this opens a world of possibilities, it also has a dark side many fail to consider. This is exactly what happened when mobile devices such as smartphones and tablets were introduced to the workplace. They brought unrivalled connection and collaboration, but they also created a myriad of options for malicious actors. This is the mobile paradox.
Previously, organisations were ‘isolated’ and very rarely operated outside of their internal networks. Computers were fixed to desks and meetings were conducted in person. Your endpoint was your front door. Mobile devices flipped this paradigm and way of work on its head, with the endpoint becoming wherever your mobile device is. From coffee shops to airports, there are now endless vectors of attack for malicious actors to compromise your organisation. Here’s how you can manage this dynamic perimeter while still reaping the benefits of today’s technology.
1. Educate and train staff
This is by far the most common yet, most important aspect of any cyber security guideline. Roughly 86% of all cyber-attacks are a result of insider threats. This means that your staff are both your first and last line of defence. Having well-trained and happy staff will almost completely reduce your attack surface.
Having clear, written instructions on how mobile devices should be used within the organisation is an essential baseline to establish. This documentation needs to be frequently revisited and easily accessible. Feedback from different departments is essential here since you will be incorporating the needs of different business functions. For example, IT might have more flexible control over their work profiles than sales.
We recommend frequent awareness training to ensure your staff are conscious of their actions within your business. You can have the most advanced next-generation anti-virus, if an unaware user clicks the wrong link, everything could come tumbling down.
2. Take internal measures
This point falls under a broad scope of cyber security best practices but it is still important to mention. A lot of these can be considered common-sense practices despite the number of organisations that neglect them. For example, making sure you have strong, multi-character passwords that include numbers, symbols and upper and lower-case letters. You should also never use the same password more than once.
Zero-Trust principles are ideal and very easy to implement. Your chance of being compromised is reduced when you provide only necessary login details to the appropriate people. Two-factor authentication, an up-to-date next-generation anti-virus or EDRsoftware and backups are a few more essential internal measures.
Mobile device management tools take the stress away by allowing you to remotely access and manage any devices within your organisation. Through this kind of software, you can enforce password rules, restrict application or website access and even wipe device data in the event of hardware loss or theft.
3. Ensure containerisation
Many businesses find Bring Your Own Device or BYOD policies to be attractive. This is because it allows employees the freedom to use what they are most comfortable with while allowing the organisation to reduce costs. Containerisation refers to the separation of work from personal usage. If personal usage is mixed with corporate activity, you open your organisation up to a myriad of potential attack vectors.
If you make use of a BYOD policy within your business, it is essential that you maintain work profiles. This is also important for employees who care about work/life balance as it gives them the ability to choose when they want to receive work-related communications.
4. Implement an offboarding plan
How many times have you left an organisation just for almost no mind to be paid towards anything you accessed while there? Perhaps you snapped a photo of a document because the printer wasn’t working. Or, you sent an attachment via your personal email when the network was down.
Employees who leave your organisation have less incentive to protect the intellectual and physical property of your organisation. By having a containerised mobile device management solution, removing corporate information can be done remotely and with ease. As opposed to manually collecting the devices, locking the former employee out, and ensuring all passwords and usernames have been handed over.
With an offboarding plan you can make this system as efficient as any other in your business. On the last day of employment, the relevant department needs to (in the case of BYOD) remotely remove the employee’s work profile. Once their email account and any other associated platforms have been deleted or migrated the risk your organisation could face from an insider threat is significantly reduced.
A supply chain security checklist
Below is a list adapted from Wright and Lewis (2022) that you can use to kickstart supply chain security management within your business.
- Implement locks as well as tamper-evident seals when shipping.
- Use accredited or certified suppliers.
- Require background checks for employees.
- Make use of permission based or Zero-Trust principles.
- Implement cyber security best practices within your organisation.
- Conduct regular cyber awareness training with your staff.
- Regularly audit open source and vendor code.
- Restrict the access of third-party software.
- Have a response plan in the event of a discovered threat.
- Speak to experts about your supply chain security.
The growing prominence of supply chain security runs through every aspect of business these days. Many South African organisations have felt the impact of supply chain disruptions. Whether, it be Eskom’s rolling blackouts or Transnet’s truck backups at the harbours. By implementing just a few of the above-mentioned principles you can give your business the edge it needs to focus on what you do best.