March 20, 2015 By Kevin Olivieri 3 min read


If you notice uncharacteristically low activity and noise levels throughout the office this week, don’t worry. You haven’t mistakenly come into work on a weekend or a surprise holiday — it’s time for March Madness!

The NCAA men’s basketball tournament, one of the most watched and bet-on sporting events of the year, is about to tip off, and enterprise productivity is about to get rejected, with an estimated $1.9 billion lost this year. Due to a partnership between CBS Sports, Turner Sports and the NCAA providing unprecedented levels of access — including the availability of all 67 games online — even more employees than ever (nearly 100 million) are expected to be distracted by March Madness this year.

While the distractions and the significant bandwidth strains associated with following March Madness can damage organizations, there is another more dangerous issue lurking in the crowd that organizations with bring-your-own-device (BYOD) policies and enterprise IT should be particularly wary about: mobile security threats.

Mobile Devices and Malicious Activity During March Madness

A post-event study with IT managers around last year’s March Madness revealed that employees’ personal mobile devices were key players in following the tournament at work. Although there are official ways to securely follow the action, the likelihood that all employees will always use these is low.

Many employees who seek out free, alternative sources to watch the tournament may unknowingly turn to malicious websites and apps on their smartphones and tablets. Malware, phishing and other malicious attacks thrive during popular online events such as the World Cup and March Madness, and a slipup by one employee whose mobile device is connected to corporate data could wreak havoc on an entire organization.

Dangers of a Hard-Line Approach

One way organizations may look to combat the potential issues at hand is by completely banning and blocking anything related to March Madness in the office. While it seems straightforward, this hard-line approach is actually not recommended. Experts point out that it could have a dramatic effect on a company’s bottom line, with disengaged employees lowering the quality and quantity of work output and potentially increasing turnover.

Protecting the Enterprise From Malware Madness

With banishing March Madness from your organization off the table, there are two ways to avoid seeing your enterprise upset by mobile security threats: mobile threat management and user education.

If your organization supports BYOD, it is incredibly important to have an enterprise mobility management solution in place with mobile threat management (MTM) capabilities. MTM can stop mobile threats in your enterprise by detecting, blocking and managing mobile malware and addressing and remediating the concerns before they affect your organization. Having the ability to proactively manage mobile threats in real time is vital to help reduce the risk of sensitive corporate and personal data leaks from malicious March Madness-related cyberattacks.

User education is another effective defense that is absolutely vital at this juncture. IT can use this time to educate employees on the personal and corporate dangers of malware and phishing attacks targeting users seeking March Madness content on mobile devices and how to avoid them. Ignoring unfamiliar links, avoiding unofficial streams and downloading only official apps for the NCAA tournament will go a long way toward curtailing the myriad mobile security risks that could arise.

IT can also take this opportunity to remind employees of the organization’s established BYOD policy for personal mobile device use in the office and what they should do to stay compliant and continue to have secure access to the corporate resources they need to get their jobs done.

A strong combination of MTM and user education can be the difference between watching the upsets take place on the court and experiencing them in the enterprise.

Image Source: Flickr

More from Risk Management

Operationalize cyber risk quantification for smart security

4 min read - Organizations constantly face new tactics from cyber criminals who aim to compromise their most valuable assets. Yet despite evolving techniques, many security leaders still rely on subjective terms, such as low, medium and high, to communicate and manage cyber risk. These vague terms do not convey the necessary detail or insight to produce actionable outcomes that accurately identify, measure, manage and communicate cyber risks. As a result, executives and board members remain uninformed and ill-prepared to manage organizational risk effectively.…

The evolution of ransomware: Lessons for the future

5 min read - Ransomware has been part of the cyber crime ecosystem since the late 1980s and remains a major threat in the cyber landscape today. Evolving ransomware attacks are becoming increasingly more sophisticated as threat actors leverage vulnerabilities, social engineering and insider threats. While the future of ransomware is full of unknown threats, we can look to the past and recent trends to predict the future. 2005 to 2020: A rapidly changing landscape While the first ransomware incident was observed in 1989,…

Defense in depth: Layering your security coverage

2 min read - The more valuable a possession, the more steps you take to protect it. A home, for example, is protected by the lock systems on doors and windows, but the valuable or sensitive items that a criminal might steal are stored with even more security — in a locked filing cabinet or a safe. This provides layers of protection for the things you really don’t want a thief to get their hands on. You tailor each item’s protection accordingly, depending on…

The evolution of 20 years of cybersecurity awareness

3 min read - Since 2004, the White House and Congress have designated October National Cybersecurity Awareness Month. This year marks the 20th anniversary of this effort to raise awareness about the importance of cybersecurity and online safety. How have cybersecurity and malware evolved over the last two decades? What types of threat management tools surfaced and when? The Cybersecurity Awareness Month themes over the years give us a clue. 2004 - 2009: Inaugural year and beyond This early period emphasized general cybersecurity hygiene,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today