Organizations around the world are discovering that their business continuity plans aren’t prepared for a global crisis of the scale of the COVID-19 crisis.
Most companies have contingency plans designed to flip services from one facility or region to another if service goes down, says Nigel Thompson, VP, Product Marketing at BlackBerry. “The thing that’s caught everyone by surprise is that this is actually truly global and it impacts everyone.”
In many cases, business continuity plans had a global pandemic as a line item, “but it kind of got pushed to the bottom because that’s the worst of the worst cases,” says Thompson.
For some organizations, remote work has been part of their day-to-day operations. However, there is a population of people that can’t use their normal tools to get their job done, Thompson says. “We need to rethink things and give people a new class of tools.”
The Bring-Your-Own-Device (BYOD) Dilemma
Organizations are finding that it’s not possible to buy enough laptops for all of their employees, even if they could afford it. That’s why they’re considering whether to allow people to use their own devices and connect to corporate systems via a VPN. But this exposes organizations to huge amounts of risk, says Thompson. “We can’t trust that device or the applications on it,” he says.“The dilemma is how to mitigate risk and enable productivity.”
At the same time, there is a ramp up of coordinated attacks because hackers recognize that “there are a lot of soft targets out there,” says Thompson. Executives and employees are trying to get their work done on unsecure devices. “There are rampant phishing attacks and file-based attacks from bad actors who are trying to unlock the keys to the castle,” Thompson says.
BYOD is now becoming a real problem that needs to be solved. It’s hard to secure corporate data on a device you don’t own, says Thompson. Fortunately, there is a solution, he says.
How to securely manage a BYOD solution
Thompson advises that there are three things organizations should do to manage devices they don’t own:
- Secure the application that’s going to be accessing your corporate data. Data loss can occur in a number of ways, says Thompson. For example, it happens when someone copies and pastes data into word on their personal device, which then saves it to the cloud. “These are things that keep IT security people up at night,” says Thompson. “You have to wrap that application to put controls on actions like save or copy and paste.”
- Secure the connection. A VPN has been the traditional way to do this. “The problem is that this allows all of the applications on the home computer to see into the corporate system. You need a way to have a private tunnel to the corporate app that’s being accessed. That’s the trick,” says Thompson. Organizations should also use multi-factor authentication so they can verify the user’s identity.
- Secure the operating system itself. This can be done by applying AI-based malware detection, “so if we see something weird happening, we can lock down that application,” says Thompson. This gives control to IT security to keep the data safe.
Thompson urges organizations that are scrambling to find solutions to talk to people that know how to solve these problems. He says he’s proud that, just as it did for September 11, BlackBerry is committed to helping governments, citizens and businesses to get through this crisis.
Learn about BlackBerry’s secure remote work platform, Digital Workplace