On today’s show, we discuss how to appropriately balance your company’s cyber security with your employee experience.
Denis O’Shea founded Mobile Mentor in New Zealand in 2004. Since then, the company has helped millions of people unlock the full potential of their technology. In 2017, O’Shea moved to Nashville, Tennessee to launch the company’s US business, with a focus on securing the mobile workforce in industries such as healthcare, education, finance and government services.
Mobile Mentor is a global leader in the endpoint ecosystem, helping clients to navigate the right balance between security and employee experience. The company was named Microsoft’s 2021 Global Partner of the year for Modern Endpoint Management primarily for their work helping Alive Hospice safely treat patients during COVID 19. In addition to being a top Microsoft partner, they are also certified by Apple and Google. Mobile Mentor has recently worked with Vanderbilt University Medical Center, Michigan Medicine, Mayo Clinic and the US Coast Guard.
How has the pandemic shifted the way employees work and shifted the balance between employer and employee?
- Increase in employees working from home
- Increase in cybercrime with cyber criminals going after healthcare, government, schools, etc.
- Global chip shortage which brought about the “bring your own laptops” policies
- Hiring and onboarding done remotely
- The Great Resignation
What is the biggest risk of employees using personal devices?
Password hygiene. – Employees are typically reckless with passwords, writing them in a notebook or in a note on their phone. We have too many passwords, and we are managing them badly.
What is the solution to rampant bad password hygiene?
Be password-less. Do away with passwords, and instead use:
- Single sign-on
How can we combat a lack of balance leaning toward companies being too strict with conditional access policies?
- Allow exceptions by request, when traveling for example.
- Allow trusted devices already approved.
Remote workers and Generation Z employees both bring about a “Shadow IT” – employees using their own devices and apps/tools. How can we combat a lack of balance leaning toward employees being too lax with cyber security?
- Involve these groups in the decision-making process when choosing collaboration tools. They will pressure-test them and point out weaknesses.
- Use technology tools to detect what apps/tools are being used.
- Re-frame “company security” to “privacy”. Younger employees care about personal privacy, and are better able to relate that to customer privacy and ultimately company privacy.
What do you see being different in 5 years?
- Quick and efficient onboarding. This will go from a 3-day painful process to a scenario where the employee will be the first to touch the device. They’ll have a one-time access code and the device will self-configure, giving access to everything needed, set up properly. Rather than a 3-day process, they will be up and running within an hour.
- No Passwords. Biometrics used instead.
- More personal devices, rather than company-provided devices.
How do we combat security breaches?
- Give only the minimum amount of access to do the job.
- Use time-restricted access when more access is needed temporarily.
- Create dynamic groups as the privilege set, rather than users. Add users to the group, and remove as needed.
Connect with Denis O’Shea:
Research data – https://endpointecosystem.com
Company website – https://www.mobile-mentor.com
LinkedIn – https://www.linkedin.com/in/denisosheamobilementor/