By: Sumeet Bhatia; TigerText Chief Technology Officer
As the world found out in 2014, data is not as secure as you think. This was especially true for many retail giants, as we learned from the Home Depot, eBay, Michaels Stores, and Neiman Marcus breaches.
It wasn’t just retailers that got hit, but also large enterprises including JPMorgan Chase, Sony, and dozens of large healthcare entities such as Anthem, Community Health Systems, and the Texas Health and Human Services Department.
With hundreds of millions of data records hacked in 2014, it seems like almost everyone has been touched by the year’s data theft. So, what will 2015 bring?
Enterprises are already realizing there are many potential channels of data theft. Each channel will need to be addressed in its own way. But this raises the question: will enterprises be able to implement new security measures that will actually make it harder to hack in and steal data?
In a typical enterprise network situation, you now have two main data storage and data communication channels.
The first data storage and data communication channel is the main IT server infrastructure, which includes internal servers and desktop networks and is the traditional enterprise data storage and communications hub. This is where most enterprise data and data communication has resided.
The second channel is the enterprise’s Personal Mobile Network (PMN), which consists of all the personal devices that network among themselves and with the main IT server infrastructure. Over the last five years, PMNs have become a growing percentage of the overall enterprise data and communications picture. This is particularly due to the introduction of Bring Your Own Device (BYOD) policies and the new business requirements of today’s growing mobile workforce. It is this channel that is putting the most stress on enterprise data security efforts.
Most of an enterprise’s data is stored and transferred via its main IT server infrastructure, but it is increasingly through the Personal Mobile Network that hackers are getting the information and access path they need in order to hack the main IT server infrastructure. It is one of the main reasons why CIOs aren’t big fans of BYOD and the Personal Mobile Network in general.
Trying to stop the use of personal mobile devices on the network is like trying to stop the sun from rising with an umbrella: the only one you are fooling is yourself. Even though Personal Mobile Networks carry a lot of risks, they are part of today’s workforce and will only become more prevalent over time.
Fortunately, though, there are ways to deal with this. Here are four top tips for securing a mobile network in an enterprise environment:
1.) Create a BYOD Policy: This is a thought-out plan and document that describes the security practices for BYOD and mobile devices in a given enterprise network. We recommend enterprises use this template.
2.) Set up an Enterprise App Store: An Enterprise App Store is a relatively new concept in which an enterprise sets up its own app store stocked full of apps that have been approved by the IT department to ensure they are safe and can help make a user’s personal device more secure.
3.) Incorporate Secure Messaging: One of the safest and most secure ways to quickly transfer information and files is with a secure messaging app, such as TigerText. These apps allow workers to not only send secure text messages that are encrypted and can auto-delete, but messages can also be remotely wiped in case the device is lost or stolen. These features not only help to secure data on a mobile device but also prevent hackers or other outside threats from finding a way into the main IT server infrastructure.
4.) HIPAA, SOX, and FINRA Compliance Practices: Enterprises should pay close attention to the compliance regulations in their industry. It is recommended that organizations implement best practices around these policies. For example, healthcare organizations can implement safe communication practices around HIPAA and utilize HIPAA-compliant apps to maintain data security within the organization.
Implementing some or all of these tips will not only go a long way in increasing an organization’s overall data security level, but it will also make it much harder for hackers to steal the enterprise’s data.