Now, more than ever, you need a strategy in place to secure your mobile workspace from the growing threat of mobile cyber-attacks, IP and corporate information breeches.
In the past, mobile malware hasn’t been a significant issue for enterprises managing a mobile fleet, but the number of attacks on company devices is rapidly rising. With so many employees using smartphones and tablets to communicate with each other and customers, and to collaborate and share company data, securing your mobile technology is a vital step in protecting your sensitive information.
Every organisation that relies on mobility in their business should have a strong mobile security strategy in place. Here we outline the basics to get you started in this first instalment on mobile security.
1. Know Your Fleet
This sounds basic, but will offer the greatest return on investment. You can’t adequately protect your mobile technology unless you know it inside out. Perform a mobility service user profile audit to not only identify the number of devices and who they are being used by, but also what they are being used for. This will give you a clear picture of the level of protection required and will identify specific vulnerabilities and any security weaknesses.
For example, you may have sales reps who are on the road and regularly connect to public wi-fi networks, which means your security needs to be strengthened to offset the risk of using unsecured connections. Gartner reports that, “50% of Public Wi-Fi networks are non-compliant with the law; vulnerable to attack”.
If your fleet has grown rapidly, and the idea of auditing your devices is overwhelming, you could consider mobile device management to get you started – it takes care of the inventory management of your devices and so much more (see tip #2 below).
2. Implement the right Mobile Device Management solution
As your fleet grows and the mix of devices becomes more complex, your IT team may struggle to manage the mobility in your organisation effectively. Keeping track of the growing mobile device eco-system can be work enough, let alone handling the security threats that may be looming. As mentioned above, MDM solves this problem.
MDM allows you to secure, manage and monitor your mobile technology. It addresses usage and security policy setting, enforces compliance and handles the overall management of your devices. It also prevents unauthorised access to your corporate information, mitigating the risk of your sensitive data getting into the wrong hands.
But not all MDM’s are up to the task. Each has its strengths and weaknesses. Don’t just settle for the MDM that may be offered as part of other software functionality you are interested in, e.g. Identity management. Ensure that it enables you to develop, push down and enforce the “must have” security policies with the necessary remediation controls and processes.
3. Bump Up the Protection
When it comes to cyber vulnerability, mobile devices are your organisation’s weak point – and this is because they generally don’t have the same level of protection as the rest of your IT hardware, even though mobile devices have overtaken the desktop in internet access.
Some devices and apps use encryption to secure your mobile devices, but this alone doesn’t guarantee you won’t be hacked. A recent example is the revelation by WikiLeaks that the CIA can hack smartphones and read messages as they’re typed into encrypted apps. To do that they are taking advantage of device OS vulnerabilities. If the CIA has been able to, you can bet hackers have too.
An anti-malware, mobile threat defence (MTD) solution protects your fleet by detecting threats to devices, operating systems, the networks they use and the apps installed on the device. It’s important to find a MTD solution that covers all those areas, as each is vulnerable to a range of different attack methods. Many MTD solutions will complement existing Enterprise Mobility Management (EMM) solutions that rely on MTD to activate compliance rules for cyber threats on the managed devices. Compare MTD solutions and select one that strengthens your mobile security position and compliments your EMM.
4. Choose Agile Solutions
Because things in the IT space can (and do) change in an instant, you need to be making decisions on your cybersecurity in real time. New threats are created and released daily, and that means finding a solution that is adaptable, and being informed of not only the current situation, but also what lies ahead.
Recommendations by Zimperium based on 2017 mobile security predictions suggest viewing current non-signature malware prevention solutions as a temporary fix, as only a handful of the current crop of endpoint protection vendors will still be around in three years. It also recommends prioritising third-party security controls over built-in security from SaaS application providers and offering incentives for replacing physical media exchange with cloud-based file sharing between employees and clients.
5. Guide Your People
Again, the simplest advice is often the best. Educating your employees on the dos and don’ts of mobile security will help limit risky behaviour. This can be as simple as providing your team with a simple reference document that includes things to avoid like connection with unverified devices and syncing personal emails with work devices, or a more complex mobile security policy – and preferably, both.
If employees have just one phone for work and personal use, limit the use of non-business apps. If you’re using MDM tools, they can usually manage this, otherwise include it in your mobile use guidelines.
Mobile security should now be a priority for all organisations. It’s no longer something that can be ignored, as the risks are great and the threat is real.
Follow the tips above to get the basics right. If you have the basics down, or have more complex security requirements, wait for our second security instalment or contact a managed mobility service provider for advice on a solution that will keep your workforce mobility solution safe now and in the future.