Altodigital's Alistair Millar on why the growing mobile workforce must be connected
Mobile security can be a weak link when it comes to both cybercrime and compliance, says Alistair Millar of Altodigital.
Mobile working has become a way of life - so much so that it’s difficult to remember all the fuss surrounding the whole BYOD issue.
At the time, those who decided on a BYOD policy took measures to counteract the risks of allowing remote access to company data from employee devices. For example, they strengthened their firewalls and introduced tiered systems of mobile access.
As a result, many businesses felt even stronger than ever – invincible even. However, in reality the number of security breaches continues to rise. High profile victims such as Uber, which recently revealed being hacked late 2016, exposing the personal information of 57 million customers and drivers, the credit rating company Equifax and Yahoo have contributed to the shock headlines by admitting their own breaches and showing that nobody is immune.
Even Deloitte, the multinational professional services firm, suffered a humiliating security attack in September this year. It came to light that the company wasn’t using two-factor authentication which was surprising as Deloitte was once named as ‘the best cybersecurity consultant in the world’.
- Repsol to work with Microsoft to accelerate digitalisation process
- EWE and Deutsche Telekom collaborate on €2bn fiber-optic broadband expansion
- Feature: clarifying digital transformation – before it’s too late
It seems cybercrime is a real leveller. Earlier in 2017, the UK government released the results of a cybersecurity survey which revealed that seven in ten large businesses had identified a breach or attack. However the survey points out that small businesses can be hit particularly hard by a cyberattack, with nearly one in five taking a day or more to recover from their most disruptive breach.
This is not to say that mobile access has been responsible for all these breaches. However, cyber criminals will always find the weakest links. Today, mobile devices are increasingly under attack. In fact, in a study for Check Point software, 20% of companies polled said their mobile devices had been breached and nearly all (94%) expected the frequency of mobile attacks to increase.
The problem is similar to all security weaknesses. The more secure and robust the mobile operators make their systems, the smarter the criminals become in creating malware to penetrate them – with spyware becoming equally sophisticated.
Mobile apps are another target, especially those which enable users to store personal details. Increasingly these are being used by workers in the field such as insurance risk assessors, sales reps and customer service agents. They can store significant amounts of data – often customer information and personal details – and are extremely vulnerable to hackers.
At the same time, many businesses are also migrating their data to the cloud (it’s suggested one in three now use cloud storage) and bringing a whole new set of concerns. They need to ensure that their security is at least mirrored by that of their cloud provider. If a company is using cloud services, they are themselves still liable for the security of any data forwarded to those services.
All these issues are currently coming to a head as the deadline for compliance with the new General Data Protection Regulations (GDPR) in May 2018 comes closer. Now businesses face being hit from two sides – the hackers and the regulators. With the promise of severe penalties of up to £20 million, it’s difficult to know which is the greater threat. Gartner appears to agree, noting that “by 2019, 30% of organisations will face significant financial exposure from regulatory bodies due to their failure to comply with GDPR requirements to protect personal data on mobile devices.”
Point of no return
Yet, we’ve come down the road of no return when it comes to remote and mobile working. To deny employees access to corporate data when out of the office could be akin to surrendering to the competitors, so great are the productivity gains.
So how can businesses – and especially small businesses without a huge IT department – exercise ‘due diligence’ and protect their data to the required levels? As I see it, there are four main areas to consider:
1. Is security housekeeping up to date?
Updating patches regularly would have negated many of the problems associated with the recent WannaCry ransomware attack. Easier said than done for many hard pressed small businesses where patching can be seen as a hassle. However, making sure the latest anti-virus and anti-malware software is in place and firewalls and gateways are up to date is a vital first step to protecting data.
2. Protect against data leakages
A mobile security strategy should be developed. This should include who can access what, a policy on mobile apps and storage of confidential company details – not just on mobile phones, but also on laptops, tablets and USB sticks which can be easily mislaid.
Education is key here. For example, some people like to save work in multiple locations to ensure accessibility and to know there is a back-up. But this doubles or trebles even the vulnerable spots. If the laptop is left on a train, it could fall prey to anyone with the basic skills needed to break into it. Any file sharing applications used could also be compromised.
Employees should be made aware of potential security threats and be responsible for ensuring passwords are strong and they carefully manage and protect both their own personal data and the company information entrusted to them.
Businesses should protect other potential weak spots such as mobile printing. If documents are sent to print from a mobile phone to an office, they can easily then get into the wrong hands. They should ensure to use printers that hold documents until a user enters the right PIN code or other authentication and use encryption.
3. Put the right authentication processes in place
Adaptive authentication based on certain parameters can ensure that while employees have easy access to low risk data, a company’s confidential information is kept safe and only access by those with the right authority and trust.
This may mean that access to some parts of the network require only a single password, whereas reaching HR data, for instance, requires two-factor user authentication and a digital certificate, even for the same user.
4. Security at every point
An increasing number of organisations are implementing several layers of mobile security to plug every vulnerability. This can include mobile device management, mobile application management as well as anti-malware and anti-ransomware.
There’s no one size fits all here, just a policy of adding protection at any weak point.
At the same time, all these measures can’t prevent the mobile worker from doing their job as efficiently and productively as possible – otherwise all the advantages of mobile working will be lost. It’s a balance between benefits and responsibilities and only those who get it right will win out in the end.
Automation of repetitive tasks leads to higher value work
Two-thirds of global office workers feel they are constantly doing the same tasks over and over again. That’s according to a new study (2021 Office Worker Survey) from automation software company UiPath.
Whether emailing, inputting data, or scheduling calls and meetings, the majority of those surveyed said they waste on average four and a half hours a week on time-consuming tasks that they think could be automated.
Not only is the undertaking of such repetitious and mundane tasks a waste of time for employees, and therefore for businesses, but it can also have a negative impact on employees’ motivation and productivity. And the research backs this up with more than half (58%) of those surveyed saying that undertaking such repetitive tasks doesn’t allow them to be as creative as they’d like to be.
“When repetitive, unrewarding tasks are handled by people, it takes time and this can cause delays and reduce both employee and customer satisfaction,” Gavin Mee, Managing Director of UiPath Northern Europe tells Business Chief. “Repetitive tasks can also be tedious, which often leads to stress and an increased likelihood to leave a job.”
And these tasks exist at all levels within an organisation, right up to executive level, where there are “small daily tasks that can be automated, such as scheduling, logging onto systems and creating reports”, adds Mee.
Automation can free employees to focus on higher value work
By automating some or all of these repetitive tasks, employees at whatever level of the organisation are freed up to focus on meaningful work that is creative, collaborative and strategic, something that will not only help them feel more engaged, but also benefit the organisation.
“Automation can free people to do more engaging, rewarding and higher value work,” says Mee, highlighting that 68% of global workers believe automation will make them more productive and 60% of executives agree that automation will enable people to focus on more strategic work. “Importantly, 57% of executives also say that automation increases employee engagement, all important factors to achieving business objectives.”
These aren’t the only benefits, however. One of the problems with employees doing some of these repetitive tasks manually is that “people are fallible and make mistakes”, says Mee, whereas automation boosts accuracy and reduces manual errors by 57%, according to Forrester Research. Compliance is also improved, according to 92% of global organisations.
Repetitive tasks that can be automated
Any repetitive process can be automated, Mee explains, from paying invoices to dealing with enquiries, or authorising documents and managing insurance claims. “The process will vary from business to business, but office workers have identified and created software robots to assist with thousands of common tasks they want automated.”
These include inputting data or creating data sets, a time-consuming task that 59% of those surveyed globally said was the task they would most like to automate, with scheduling of calls and meetings (57%) and sending template or reminder emails (60%) also top of the automation list. Far fewer believed, however, that tasks such as liaising with their team or customers could be automated, illustrating the higher value of such tasks.
“By employing software robots to undertake such tasks, they can be handled much more quickly,” adds Mee pointing to OTP Bank Romania, which during the pandemic used an automation to process requests to postpone bank loan instalments. “This reduced the processing time of a single request from 10 minutes to 20 seconds, allowing the bank to cope with a 125% increase in the number of calls received by call centre agents.”
Mee says: “Automation accelerates digital transformation, according to 63% of global executives. It also drives major cost savings and improves business metrics, and because software robots can ramp-up quickly to meet spikes in demand, it improves resilience.
Five business areas that can be automated
Mee outlines five business areas where automation can really make a difference.
- Contact centres Whether a customer seeks help online, in-store or with an agent, the entire customer service journey can be automated – from initial interaction to reaching a satisfying outcome
- Finance and accounting Automation enables firms to manage tasks such as invoice processing, ensuring accuracy and preventing mistakes
- Human resources Automations can be used across the HR team to manage things like payroll, assessing job candidates, and on-boarding
- IT IT teams are often swamped in daily activity like on-boarding or off-boarding employees. Deploying virtual machines, provisioning, configuring, and maintaining infrastructure. These tasks are ideal for automation
- Legal There are many important administrative tasks undertaken by legal teams that can be automated. Often, legal professionals are creating their own robots to help them manage this work. In legal and compliance processes, that means attorneys and paralegals can respond more quickly to increasing demands from clients and internal stakeholders. Robots don’t store data, and the data they use is encrypted in transit and at rest, which improves risk profiling and compliance.
“To embark on an automation journey, organisations need to create a Centre of Excellence in which technical expertise is fostered,” explains Mee. “This group of experts can begin automating processes quickly to show return on investment and gain buy-in. This effort leads to greater interest from within the organisation, which often kick-starts a strategic focus on embedding automation.”