The holiday season is coming, and with it the promise of new mobile devices purchased at steep discounts during Black Friday sales or wrapped and waiting under evergreen trees. While those on the receiving end of these practical and playful presents will be all smiles as they open their new technology, enterprises may not be so merry — what happens these devices hit corporate networks come January? Here’s how to handle the holiday rush.
Trickle Down
When it comes to managing their mobile device network over the holidays, the biggest challenge enterprises face is the influx of new devices. It’s no surprise; users are eager to give or get the latest, greatest smartphones, and many companies plan product launches for late September and mid-October to help capture the attention of tech enthusiasts during the holidays. According to Tech Times, in fact, more than 50 percent of all shopping this holiday season will take place on mobile devices, even among those looking to replace the smartphones or tablets they currently own.
It’s worth noting, however, that companies also face challenges from used smartphones — devices handed down to other family members after the gift-giving season is over. Consider the example of a parent and teenage child. The child receives a brand new phone for the holidays and, not wanting to waste perfectly serviceable technology, the parent keeps the old device and begins using it to access corporate networks and cloud systems. Even though new mobile technology drives the lion’s share of holiday shopping, older devices are often a serious headache for IT admins.
Merry Riskmas?
Bring-your-own-device (BYOD) naysayers frequently lament the risks associated with mobile devices but are often short on specifics. The holiday rush, however, creates a number of serious concerns. First is the use of older models that may contain software or firmware vulnerabilities that have been largely corrected in more recent iterations. Employees new to these devices typically focus on accessing the corporate network and syncing various email accounts but may ignore the need to fully patch and update their OS. Worst case? The operating system is so far out of data that defense isn’t an option. Instead, device access must be limited to protect corporate resources.
Next are new devices. As noted by Computing, the sheer number of devices introduced to the workplace ecosystem after the holidays makes it hard for IT teams to keep up. What’s more, attackers are well aware that corporate defenses will be weaker than usual during this period and may increase the frequency of their attacks.
There’s also the problem of poor security hygiene on the part of employees. Enamored with new mobile devices and either looking forward to time off or lamenting the end of their vacation, they may relapse when it comes to mobile security. According to The Huffington Post, for example, there’s real risk from using public Wi-Fi, opening holiday spam or spending time at work shopping online. Cybercriminals are looking for the opportunity to slip past defenses, hoping to find a skeleton crew at the helm.
Handling Holiday Mobile Devices
So how do companies make sure they’re ready for the holiday rush? To start, it’s critical to prepare for a multi-OS environment. This is especially true after the holidays when both the types and versions of systems used on the corporate network significantly expands. Companies must be ready to monitor and manage regular updates in addition to limiting the use of devices that don’t adhere to mobile management guidelines.
It’s also worth running a refresher course on mobile security to make sure all employees are on the same page. Ideally, this is done face to face and with clear messaging. For example, workers should be warned against conducting holiday shopping at work or opening holiday-themed email attachments in addition to being reminded that both devices and workstations should never be left unattended, even in the office. While this runs the risk of casting IT as the office Grinch, it’s better to have one internal bad guy than a host of malicious actors beating down the virtual door.
It’s also a good idea to revisit basic BYOD policy and ensure that new devices aren’t getting missed. Best bet? Set up a mobile access policy long before the holidays arrive that requires users to bring their devices directly to IT for inspection and the addition of network monitoring software. Expect some pushback, but make it clear that this is an expectation, not a request. IT can do its part by ensuring it is supporting employee requests for cloud-based apps where possible — but only after the device has been secured.
By integrating this type of permission-based method before the holidays and their related technology influx, it’s possible to eliminate the bulk of employee resistance. By the time their new devices are in hand and ready for activation, they’re already on their way to see company IT for evaluation and access.
For many companies, the influx of new mobile technology during the holidays is a gift they don’t want — it results in an IT time sink, a larger attack surface and the increased risk of employees passing over cybersecurity objectives in favor of shiny new devices. Get a handle on the holiday hoopla with a proactive approach to mobile security.
To learn more read the complete e-guide: Curing the Cause of Common Mobilephobia