Securing the Move to Mobile

Mobile devices are becoming more commonplace every day as people continue to increasingly rely on them for everyday functions, and with good reason. The ability to connect and communicate whenever and from virtually wherever we want has made our lives productive, efficient and above all, convenient. It’s one of the reasons Alinity made the move to responsive design so long ago; it was obvious to us then that a mobile solution would be the most convenient for both regulatory body staff and memberships. Updating your association or license management software to not just an online but also a mobile solution isn’t something that can be ignored by any organization looking to be a leader in their field.

However, while being a leader in your field is important, it’s just as important to ensure that membership and association information is securely stored and safe. Regulatory bodies hold a great deal of trust, not just with the public at large, but also with their membership. Colleges and associations often deal with a significant amount of personal information concerning their registrants, and it’s imperative to keep that information confidential.

This presents a conundrum for many regulatory bodies and professional associations; to maintain a position of leadership, the organization may be exposing itself to security risks. Fortunately, the right association or license management software is built to resist security threats and helps mitigate risks. So what are some the risks involved with moving to a mobile platform, and how should your software help defend against them?

Being on the Cloud

Storing information on the Cloud doesn’t mean your data exists as some kind of formless nothing drifting aimlessly in the digital ether until you call it down to your phone or tablet. Data is still being stored on servers somewhere—just not your servers. This makes some people nervous, but it shouldn’t. Storing data on local servers may make you feel comfortable and more in control, but ask yourself: how much do you really know about hacking attacks and cybercrime? On the other hand, the people staffing a managed data centre are likely much more qualified to deal with cybersecurity threats. A software solution that stores your data in the Cloud means you get the added protection of a professionally managed data centre with teams of cybersecurity experts. There’s no such thing as a 100% secure solution, but letting professionals handle your data means your organization can focus on your other important work such as protecting the public or serving members.

Staff Access on Mobile Devices

Assuming your software stores information securely in the Cloud, there’s still the issue of staff having access to potentially sensitive information on their mobile devices. Regardless of whether your organization favours issuing devices or follows a BYOD—Bring Your Own Device (a growing trend)—policy, the simple fact is that association staff and members are going to access sensitive information on their mobile devices. Being able to access that information on a phone is exactly what makes Cloud-based solutions so appealing, convenient, and efficient, but it also creates another point of risk for information being exposed. Devices issued by the organization can be lost—or worse, stolen—while allowing employees to bring their own devices incurs the same risk of physical loss and you need to be confident information stored on their devices is being properly managed.

In any case, your software needs to follow best practices when it comes to online and mobile security. This means ensuring that the appropriate files are encrypted to prevent access to your database, using proper password authentication and reset processes, and taking all other necessary precautions to ensure that your organization’s information, and that of its registrants, is safe. Don’t forget to ensure that sessions expire within an adequately short time, so tablets and phones that staff forget to sign out of aren’t an indefinite source of access for unauthorized users.

Staff Behaviour

Speaking of forgetting to log out of devices, there’s also the issue of how your staff treats the seriousness of data protection on their mobile devices. Staff behaviour ranks as one of the most often cited concerns among information technology and security professionals around the world, and represents a serious potential privacy breach that the right kind of association or license management software can help alleviate. This potential threat often has nothing to do with malicious intent on the part of the employees. People these days are just busy and have better things to do than worry about closing an app before hitting the home button, or clearing the history on their tablet’s browser. This isn’t to understate these information security concerns, but to serve as a reminder why mobile security policy needs to be taken seriously.

At the core of this staff behaviour issue is training on mobile security best practices, which in turn means developing a comprehensive policy that your entire staff (and, to an extent, association membership) need to abide by. Training staff and members will help keep mobile security at the top their minds, and reduce the chances of a serious breach occurring. Training staff to log out of devices, close apps and windows, always lock their devices behind a secure password (or biometric such as fingerprint id) and how to recognize a phishing email can go a long way to keeping your membership’s sensitive information safe. You should also make sure your staff are familiar with security protocols when it comes to dealing with sensitive information, such as providing information over the phone. Some of the most high profile security breaches are the result of impersonations and social engineering rather than password failure or technical faults. It’s also important to ensure that your software treats the data as corporate and confidential, making it easy for college or association administrators to remotely wipe from lost or stolen devices.

New technology offers new ways of solving old problems—sometimes even problems that previously had no solution, or problems you didn’t know you had—and proactive organizations are always quick to adopt the latest solutions. But new technologies aren’t without their own set of risks. When it comes to the security of information on mobile devices, the key is to be prepared. With these tips, you can be a leader for your membership by providing leading-edge online services that make your members’ lives more convenient while still protecting their sensitive information, and yours.