Data security is as much about your people as it is about the technology you deploy. As employees can be the focus of cyber attacks, it’s really important to consider how you’re empowering your people to create a strong mobile security culture.
These days, it’s still all too common for an employee to inadvertently click a malicious link or get targeted through social media.
Mobile security culture training
Organisations that introduce formal training programs are likely to minimise mobile security gaps and improve security resiliency. However, a key part of creating a mobile security culture is making it resonate with your people. This means using plain, easy-to-understand language and scenarios that employees relate to. If the lynchpin of your training program is having your people click through a PowerPoint slide deck and correctly answer 80% of the questions at the end, then it’s time you did more.
Accountability is key to security culture
A strong mobile security capability stems from a well-trained and vigilant workforce, and from having strong processes and technology. However, having your people retain some information from the training slides is a far cry from making them feel that they're accountable for handling and managing data.
With a mobile security culture, you gain the confidence that your people:
- Understand the rules
- Know where to go for guidance, and
- Know what role they have to play to ensure security.
Giving people a thorough grounding starts with providing an easy-to-read policy document. This continues with regular messaging from the leadership team encouraging everyone to view, read and listen to the security materials. When your people understand the consequences of a security breach, they take security more seriously.
Here are four ways to get your people invested in your security culture
1. Create a Dos and Don’ts rulebook
Document clear policies and best practices for your people regarding mobile cybersecurity. Getting everyone on board and understanding their role will not only mitigate risk, it can help new ideas evolve and contribute to company success.
2. Make security training ongoing and engaging
It’s not enough to issue a policy document. Everyone within your organisation needs security training at regular intervals. Things like phishing and social engineering attacks come in many guises, so your people need to be confident in their ability to identify them on their mobile devices.
If you can, get creative and make security training fun. Use videos, as well as traditional training, and online interaction. Training should match the job function and should be refreshed at least annually.
To measure employee engagement with your mobile security culture, it makes sense to perform internal phishing exercises to see how employees respond. Those employees who fall into the trap should be given additional training.
4. Adopt the principle of least privilege
In organisations with a strong security culture, users only have access to the systems they need to perform their role. By allowing only enough access to perform the required job, you reduce the risk of attackers gaining access to critical systems or sensitive data by compromising a low-level user account, device, or application.
Leverage EMM tools to enhance your security culture
Managing the risk associated with allowing employees to connect to critical business information and services beyond the confines of the office can be a full-time job. EMM tools are essential here and include:
- Mobile Application Management (MAM)
- Mobile Content Management (MCM)
- Mobile Device Management (MDM)
- Mobile Expense Management (MEM)
- Mobile Identity Management (MIM)
- Mobile Information Management (MIM)
EMM solutions take care of everything from automating device provisioning and streamlining employee workflows to controlling identity and access management, ensuring the right employees have the right level of access.