IT | Security

Managing Data in a Mobile Environment

By: Absolute Editorial Team | 4/16/2014

CSO Online’s Kim Lindros and Ed Tittel recently collaborated on an article about how to prevent data loss on mobile devices. While we talk frequently about device theft on InTelligence, data on devices is at risk from a variety of vectors, including accidental sharing of data, phishing, malware or malicious apps. When it comes to more regulated industries such as healthcare, even a simple text message containing PHI can violate HIPAA regulations.

The authors at CSO Online recommend these 5 strategies for managing data in a mobile environment:

  1. Data backups are necessary
  2. User education cannot be overlooked. Emplyoees need to know what sensitive information is, how valuable it is (see our study on this misconception), and how to protect it
  3. Data classification standards  should be implemented. Most DLP technologies use this.
  4. Protect data in all its forms, with clear policies, for its entire lifecycle
  5. Mobile DLP software is necessary to identify security threats
Of course, the authors also assume that all devices should use basic security precautions including strong authentication, anti-malware, and VPN for access to the corporate network. Strongly iterated in the article is the need for employees to be held accountable for their treatment of corporate data. Our own studies have found a lack of accountability for data handling, so we think this is a great idea.

We know that BYOD and the subsequent fragmentation of devices introduced into the corporate environment causes enough IT headaches without users circumventing rules and technologies put in place to protect data in order to work more productively. When IT is focusing on improving data access, often data security takes a back seat. To solve this, we have often advocated for the change in focus. Rather than focusing on the device, IT should focus on the user. When you define your data by the individual, you have a greater control over understanding what data access is needed, where the data is being used and how to respond if a security incident occurs.

For more on creating an efficient BYOD policy, read our guide on How to Implement a BYOD Policy in 3 Simple Steps.