In recent years, smartphones have given enterprises huge power in terms of productivity and efficiency, while freeing up employees to work from wherever they are. But for IT administrators, this comes with a lot of responsibility, as a single lost device can give criminals the opportunity to access secure networks and highly sensitive information. Features like mandatory access controls and Samsung Knox Workspace are just some of the elements any administrator needs to consider when planning ahead and preparing a strong business contingency plan to account for lost or stolen devices.
To give you an idea of how important it is to secure the devices that touch your corporate network, research firm Gartner predicts that by 2021, 27 percent of corporate data traffic will bypass perimeter security, flowing directly from smartphones and portable devices to the cloud. This presents a huge challenge for IT departments that have been used to locked-down computing systems tied to employees' desks.
There are, however, practical steps any company can take to protect itself and its employees from attacks.
Require Strong Passwords
When deploying smartphones in your business, all employees should be mandated to use strong passwords to access their devices. Together with advanced biometric security systems, such as the iris scanner on the Samsung Galaxy S8 and Note8, such a policy will ensure that, should a smartphone fall into the hands of a criminal, they won't be able to easily access the device.
Enable Remote Wipe Capability
If the worst does happen and a corporate device is lost, IT managers need to ensure they have remote access to the device using the appropriate mobile device management (MDM) software. This will allow administrators to quickly and easily access the phone, lock it and wipe any corporate data that they don’t want falling into the wrong hands.
Separate Work and Personal Data
Today, employees don’t want to have to use one smartphone for work and another for personal use, and more and more enterprises are now allowing their devices to be used for both. This can pose a security risk if sensitive work data leaks via an app you downloaded for personal use that doesn’t have the same levels of security as your work apps.
To avoid this situation, enterprise-grade data separation solutions like Samsung’s Knox Workspace, which ensures partitioning of work and personal data on your phone, should be deployed. There are also free data separation solutions such as Secure Folder available on Samsung’s latest devices for individual use.
Implementing a Multilayered Security Plan
Given the proliferation of devices in use by employees today — smartphones, laptops, tablets, desktop PCs, wearables — it is hugely important for businesses to have a multilayered approach to security. While all these devices offer convenience and increased productivity, they also offer hackers an increased attack surface through which to compromise networks.
In the past, companies have shied away from multilayered approaches to security because of the high cost of implementing different solutions. However, as cloud computing has become ubiquitous, and all of an enterprise's web traffic is routed through its provider's network of high-performance data centers, that cost barrier is reduced significantly.
Today, IT decision-makers (ITDMs) can implement measures at both the software and hardware level, reducing potential risks and costs associated with a cyberattack.
Education Is Key
For all the automated systems that you have in place, often the weakest link in any enterprise security chain is the employees themselves. This is why continuous education about your business contingency plan and other security policies is vital to ensure employees don't click on the wrong links or download a malicious file. Cybercriminals are becoming increasingly effective at bypassing security measures by using tailored phishing email campaigns designed to fool employees into giving them access to the network.
As well as educating employees about this risk, IT departments should be continuously conducting penetration testing on their own systems — and employees — to probe for weak points and keep everyone alert to new policy changes and vulnerabilities.
Mandatory Access Controls versus Discretionary Access Controls
Deploying mandatory access controls (MAC) is a security strategy that restricts the ability of employees to access certain files or areas of the network, depending on their seniority or security clearance level. Under a MAC strategy, the system administrator initially assigns the security levels, which are then strictly checked by the operating system (OS) or security kernel and cannot be altered by end users.
At the other end of the scale is discretionary access control (DAC). This puts the control back into the hands of managers and individual employees, who can make their own policies and assign security controls.
Choosing whether to deploy MAC or DAC depends on the enterprise setup and security framework. For companies where security and confidentiality are of the utmost importance, deploying a top-down MAC system is the best solution, but if you want to ensure that your employees can access the information they need at all times, a DAC system is a more flexible solution.
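The difference between the two models, shown as an added example that is not part of the original article: a minimal Python model in which the same document is checked under DAC and under MAC. The user names, the document name and the three clearance levels are all constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed clearance levels, lowest to highest (assumed for illustration).
LEVELS = {"public": 0, "internal": 1, "confidential": 2}

@dataclass
class User:
    name: str
    clearance: str          # assigned by the administrator
    is_admin: bool = False

@dataclass
class Document:
    name: str
    owner: str
    label: str                              # MAC sensitivity label
    acl: set = field(default_factory=set)   # DAC: users the owner shared with

def dac_share(doc, actor, grantee):
    """DAC: the owner decides who else gets access."""
    if actor.name != doc.owner:
        raise PermissionError("only the owner can share under DAC")
    doc.acl.add(grantee.name)

def dac_can_read(doc, user):
    return user.name == doc.owner or user.name in doc.acl

def mac_relabel(doc, actor, new_label):
    """MAC: only the administrator may change a label, never the end user."""
    if not actor.is_admin:
        raise PermissionError("labels are set by the administrator")
    doc.label = new_label

def mac_can_read(doc, user):
    """MAC: the system compares clearance with the label; the ACL is ignored."""
    return LEVELS[user.clearance] >= LEVELS[doc.label]

def demo():
    admin = User("admin", "confidential", is_admin=True)
    alice, bob = User("alice", "confidential"), User("bob", "internal")
    plan = Document("contingency-plan", owner="alice", label="confidential")
    dac_share(plan, alice, bob)               # alice shares at her own discretion
    results = {"dac_bob": dac_can_read(plan, bob), "mac_bob": mac_can_read(plan, bob)}
    try:
        mac_relabel(plan, alice, "internal")  # owner tries to downgrade the label
        results["owner_relabel"] = True
    except PermissionError:
        results["owner_relabel"] = False
    mac_relabel(plan, admin, "internal")      # administrator changes the policy
    results["mac_bob_after_admin"] = mac_can_read(plan, bob)
    return results
```

Calling `demo()` shows that the owner's share is enough under DAC, while under MAC the same user is refused until the administrator changes the label.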
Today, enterprise-level security is something that ITDMs constantly need to be thinking about as it evolves and morphs to address new threats. With access controls, employee education and a multilayered strategy, organizations can set a security infrastructure tailored to their needs.