This blog post was written by Dan Johnson, a Senior Associate of Business Development at GraVoc.
Recently I had lunch with the president and vice president of a company that developed a software-as-a-service solution for managing security on mobile devices. In my role I often talk with leadership at small and medium sized businesses who tell me one of their top IT challenges is how to manage all of the devices used by their employees. In fact, the topic of mobile device security has been coming up increasingly in the past several months. I suspect this is due to the fact that mobile computing has become so widespread as to be considered commonplace and because news of security breaches on business information systems has crept into the realm of small and medium sized companies.
Huge banks, retailers, and credit card companies no longer claim sole ownership of major breaches of their customer’s sensitive personal and financial information. Now the Web is filled with stories about local doctor’s offices, credit unions, software companies, CPA firms, Legal firms, and even manufacturers being targeted for their customer data or intellectual property.
The conversation at a lunch with security professionals logically centers around things like disk encryption, BYOD device management, compliance, reporting, iOS and Android platform support, etc… and as I sat there I wondered how many of my clients are like me and, while hearing the “tech talk” and absorbing the scary stories of breaches and their subsequent hefty fines right in our own back yard, tend to take the position of “that’s not going to happen to me” and miss the opportunity to protect themselves and their business.
We live in a world, especially here in North America, where one’s personal life is often closely tied to technology and, more specifically, the internet. Banking, purchases, social activities, insurance quotes, appointments, emails, and a dozen other daily activities are done online. All of which contain highly sensitive personal data. On my way to work I heard a commercial for a product that lets you control the lights at your house from your iPhone. Yes, there is an app for that. It has become the norm to such an extent that it is taken for granted.
Now to my point. Ask yourself, how often do employees at your company access sensitive company data from outside your building? Many of the executives I talk to don’t know or aren’t sure of the answer to that question. Consider that there are an estimated twenty million remote workers in the United States alone. That doesn’t even include all of the people like consultants, service technicians, and sales people who are accessing information from the road daily. Imagine a CFO that uses a laptop or mobile device to access your company’s accounting system, financial reports, store contact information for your investors, suppliers, customers, or trading partners. What information could be retrieved from that device if it were lost and what damage could it cause? In many cases the answer is a lot!
Working at a company that provides IT solutions and consulting services for businesses has likely biased my opinion, however, I can tell you from a purely objective standpoint that here at Gravoc Associates and for many of our clients the investment in an MDM (Mobile Device Management) application to protect the company’s critical data has been worth it. Not only does the peace of mind in being protected have value but when weighed against the cost of fines for relatively small data breaches the investment makes complete sense. What small business can take a $50k hit to the bottom line for non-compliance?
What’s best is that from an end-user perspective there’s no difference in how I use my phone or laptop and no change in performance. Frankly, I don’t even realize it’s there. Meanwhile the company’s data and intellectual property are protected. It seems like the best of both worlds.
To learn more about how Gravoc can help you protect your company’s IT and Intellectual assets please visit us at:
https://www.gravoc.com/practices/information-security/