Studies show that when you encourage a digital workplace, your employees are more productive, tend to be more collaborative and more flexible, and communication improves. Most of the digital workforce uses a smartphone or desktop computer for work; only 4 percent of employees use tablets for work.
However, because it is connected to the internet, even one tablet connected to the network can become a security risk. A new consideration to bump up tablet security are the new data privacy laws in effect. If your tablet is loss, stolen or the data is otherwise compromised, you could create serious legal and financial problems for your company.
Here are five tablet security threats your employees face, and how to prepare for them.
1. Mobile malware
Tablet users are at the same types of risk for mobile malware as smartphone users. The most popular types of mobile malware include banking malware, spyware, adware, MMS communications malware, and the growing threat of mobile ransomware. The goal of the malware is to infect your tablet and access stored and transmitted data.
What to do: Android's security problems have been well documented. Google Play doesn't require the same level of scrutiny as Apple's App Store, but the real threat is with third-party stores, which provide more design freedom for developers but aren't monitored by official OS outlets.
Also, don't fool yourself that iPads are safe from malware. Symantec reported that iOS malware is increasing at a greater rate than Android malware. Steps to take to prevent mobile malware from infecting your tablet:
- Be wary of free or fake-looking apps, and educate employees on how to tell when a free app looks suspicious.
- Tell workers to do their research before downloading any app.
- Always download from Google Play or the App Store, and avoid third-party stores and downloads.
- Install a mobile security app that automatically scans, detects and removes malware for both Android and iOS.
2. BYOD risks
Having a Bring Your Own Device (BYOD) program can be very beneficial to a business. Employees can use their preferred devices on the job, which increases both job satisfaction and productivity. But it also comes with many risks, primarily from employees being lax about device security and combining work and play in a single device.
What to do: Make sure to implement and enforce an effective BYOD policy. This includes setting clear standards about what employees can and can't do with their devices, where to draw the line between work and personal use, and what employees can expect in terms of their privacy and how the company can access and monitor employee devices for security purposes. Also make sure that the IT and security staff know that you are using your own tablet on their network so it can be monitored.
3. Shadow IT
Everybody has their favorite apps. They may prefer Google Drive to Dropbox or Evernote over Office. If your style matches your company's applications and software, it simplifies your work life. But if you want to save files into your personal Dropbox account to work on after hours, or if you have a habit of downloading apps on your work tablet without informing your IT department, you are creating unnecessary risk.
IT and security can't protect the network from apps (and devices) they don't know about. Unauthorized app use is especially a problem with BYOD use.
What to do: There should be an open dialogue between employees and IT staff about the types of apps being used, especially public cloud services, which seems to be one of the biggest shadow IT culprits. Employees should have a clear understanding of the security risks of using an unauthorized app, while IT and decision-makers should be open to adding the business versions of some public clouds (business or paid versions of apps usually have more security options than free versions). The purpose behind using these apps is about efficiency and productivity, so the organization should work with employees to determine the app's value to the business.
4. Unsecured networks
From cafes to airports, hotels and other areas, plugging tablets into public Wi-Fi hotspots may be convenient for on-the-go employees, but it's also one of the easiest ways to give cybercriminals access to sensitive data. Flaws in the WPA2 protocol allow anyone to intercept sensitive information transmitted through public Wi-Fi hotspots.
What to do: The simplest solution is to avoid using public Wi-Fi, including the hotel Wi-Fi that requires you to sign in through your room number and a password. Never log in through an open Wi-Fi connection. If you need to use Wi-Fi while on the road, use a VPN connection, preferably one connected through your company's network. (Beware of free VPN apps, as they often have security flaws.) Your best bet is to get a data plan for your tablet and use that.
But if using public Wi-Fi is unavoidable, never share Personally Indefinable Information (PII), such as Social Security numbers, bank account information, or credit cards.
5. Theft and loss
It goes without saying that employees should never leave their tablets unattended, but theft does happen. Workers also lose mobile devices all the time. Because there's no foolproof way to completely prevent theft and loss, businesses should have a contingency plan.
What to do: Although the chances of getting a stolen tablet back are slim, what businesses can do is protect the data within the device:
- Use a lock screen that requires a PIN, password or, even better, biometrics.
- Locate and wipe the tablet as soon as possible. Apps like Find My iPhone, which also works on iPads, can help you both locate and remotely wipe the device. For Android, check out AndroidLost, which can also wipe SD cards. Windows tablets, however, don't require third-party apps; devices connected to the Microsoft Exchange server can be wiped remotely from the Exchange Administration Center (EAC) or the Exchange Management Shell.
- Make sure you always log out of apps after use, so if someone is able to access your tablet, they won't be able to access your apps.
- Save everything to the cloud, rather than to the device. That way you can still access the information if the device is wiped and limits what others can access.
- If possible, avoid sharing sensitive information on your tablet so it can't be compromised if lost or stolen.