Don’t Let Security Concerns Stop You From Embracing Mobility
There is no question that heading into 2019, mobility is critical to a company’s efficiency, profitability and growth. At the same time, the use of mobile devices increases the business’ attack surface and extends the security agenda.
From phishing scams to device theft, data breaches due to inadequate mobile security have become a real concern. According to Verizon’s latest Mobile Security Index, 93 percent of businesses say mobile devices present a serious and growing threat, and 79 percent cited intentional or accidental employee misuse as the most significant security concern.
Common Mobile Security Concerns
There are many ways that mobile security can be compromised on mobile devices. Some breaches are caused by devices that don’t have adequate built-in security controls, while others are the result of lax management or user error. Regardless of the reason, the results of a mobile security breach can be devastating. According to a survey by Check Point and Dimensional Research, companies expect a mobile device breach to cost more than $100,000 to remediate.
Verizon’s research shows that malware is the most common type of mobile attack, followed by ransomware, where malicious software denies users access to data until a fee is paid. Other cyber threats include network attacks from unsecured public Wi-Fi, credential theft and keylogging exploits against mobile devices.
Employees may also lower the company’s defenses by creating weak passwords and failing to make password updates. This makes it easy for hackers to infiltrate the devices and access sensitive information, such as classified company data, text messages and emails, personally identifiable information (PII) or credentials. Device theft or loss is a particular concern, because if hackers are able to get past the lock screen, they have an open door to the company network.
In other cases, employees might download an application, assuming it’s safe, only to have that application introduce malware or spyware on their devices. With this nefarious code, it’s simple for hackers to steal sensitive information.
Don’t Let Security Fears Hold You Back
While mobile security threats are very real, there are ways to minimize the liability that mobile devices can cause. The best way to do this is by using a three-pronged approach that focuses on device security, policies and device management.
Device Security: When it comes to security features, mobile devices are not created equal. Choose a security platform that is built directly into mobile devices, protecting it from attacks and continuously monitoring for suspicious activity. If it detects signs of tampering, a well-defended device can automatically shut down the affected network or application. A comprehensive security platform will also incorporate biometrics such fingerprint or iris scanning to restrict device access.
Policies: It’s surprising how many companies don’t create policies that, enforced vigorously, can go a long way towards ensuring security. For example, Verizon found that more than half of organizations surveyed don’t have a policy regarding whether employees can use public Wi-Fi. It also found that 41 percent of employees use unscreened apps downloaded from the internet, and less than half (47 percent) encrypt the transmission of sensitive data across open, public networks. Be sure to establish and enforce policies around data and application access, public Wi-Fi, strong passwords and encryption. If your company allows employees to use their own devices for work purposes, create specific terms and conditions, such as secure containers for work information, virus and malware protection and two-factor authentication.
Management and Policy Enforcement: Developing policies is an important step, but enforcing them can be difficult. It’s much easier to enforce these policies with an automated approach through Mobile Device Management (MDM) or more complrehensive Enterprise Mobility Management (EMM) solutions. A comprehensive MDM/EMM solution allows companies to set policies and device settings; restrict use of device features such as cameras, screen capture and Bluetooth; allow or disallow use of public app stores; enforce encryption; determine which applications are allowed and which are blocklisted; require two-factor authentication; and set up secure containers on specific users’ devices.
With secure devices, solid policies and automated management and control, mid-sized companies can confidently move forward with mobility.