- Remote employees often have access to corporate data on their personal devices.
- Corporate IT teams can use mobile-device-management software to protect company data.
- This article is part of the "Cybersecurity Briefing" series focused on how IT and security decision-makers can navigate the new landscape of hybrid and remote work.
The "moat" that once protected corporate data is long gone. With data residing on a range of mobile devices, in the cloud, on kiosks, and often on business partners' networks, companies must find ways to identify and protect their information.
This responsibility is just as important for small to midsize businesses as it is for a Fortune 500 company, especially when that data might be subject to compliance laws and industry privacy regulations.
Small to midsize businesses — companies with up to 1,000 employees — often don't have as many trained security staffers as larger enterprises. But they have the same security and compliance requirements.
"SMBs often underestimate the frequency and severity of cyberattacks directed to smaller organizations," said Orson Lucas, a principal in cybersecurity services at KPMG.
Ultimately, protecting data like personally identifiable information wherever it resides, on local or remote devices, is imperative for all organizations.
Providing every employee working from home a company-owned device with corporate security software installed and restricting employees from using their personal devices for work might work for some larger companies, but a smaller business could be priced out. So how can it protect remote data?
SMBs and protecting remote data
Security for mobile devices is more than multifactor authentication and a virtual private network.
Mobile device management, or software that creates barriers on employees' devices to separate corporate data from personal data, can help ensure that employees do not accidentally compromise corporate information on their own devices.
The software allows corporate IT teams to determine how their user connects to the corporate network and which actions they can take with the data. It can also be used to help determine what happens if an employee-owned device with corporate data is lost or stolen.
Since wiping an employee's personal device with corporate data would also delete the owner's data, the company would need the employee's agreement to let it wipe the device for that reason.
The ability to wipe only the partition that contains the corporate data would permit the company to protect its data while the employee retains their own information.
"Attackers are increasingly wise to the fact that small businesses don't emphasize or invest in security as much as larger organizations," Lucas said. "With the increase in remote work after COVID-19, many small businesses failed to adapt to the increased threats from mobile devices. An MDM can help protect an organization's data and the integrity of their business."
Lucas said companies of all sizes should determine which MDM would work for both their level of risk and their budget. For SMBs specifically, he said, "the use cases for mobile devices will range widely, and a risk-based approach will help to ensure an appropriate level of investment."