As businesses become increasingly dependent on the remote workforce, keeping remote workers securely connected is fast becoming a priority.
These days, many employees regularly access company data from their smartphones – whether they’re company- or privately-owned devices. This makes keeping corporate information safe an increasingly complex task.
Add to this, the huge costs associated with managing a corporate data breach. According to the 2019 Cost of a Data Breach Report, conducted by the Ponemon Institute and sponsored by IBM Security, data breaches cost an average of US$3.92 million per breach.
Practical mobile security tips
While it’s essential to do all you can to keep your mobile workers secure while providing them with the flexibility to get connected from anywhere, it’s important to recognise that your people are likely to be the weakest link in your mobile security practices.
To bolster your mobile security defences, add these practical mobile security tips to your security agenda:
1. Create Security Training Content
1. Security Training
User ignorance is a major mobile security risk and mobile device exploitation is typically the primary cause of security incidents. Whether you operate a ‘bring your own device’ (BYOD) policy, or provide workers with company-owned equipment, it’s essential to give your people mobile security tips and run training programs.
Mobile security tip 1: Create security training content that is relevant to the specific requirements and use cases of your remote workers and mobile employees. You also need to :
- Password-protect phones
- Limit app downloads to approved sources
- Ensure the operating system is updated regularly, and
- Set rules for accessing public Wi-Fi.
At the same time, you need to reduce the risk of compromise for lost or stolen devices by deploying an enterprise mobility management (EMM) solution with mobile content management (MCM) capabilities.
2. Public Wi-Fi
A mobile device is only as secure as the network through which it transmits data.
When mobile workers connect to your corporate network from remote sites through public Wi-Fi, it can expose mobile devices to malicious threats and sensitive data loss.
Mobile security tip 2: With the risk of network spoofing and man-in-the-middle attacks from using public Wi-Fi, it’s critical to ensure your people use an enterprise-class virtual private network (VPN).
A VPN is the most secure way for employees to use the Internet on public Wi-Fi. It routes traffic through a secure network, which encrypts the data, even while your employees are connected to public Wi-Fi. It’s also a good idea to use EMM tools to set policies that limit remote access.
3. Leaky apps
Data leakage is another troubling issue affecting mobile data security. App leaks involve the unintentional transfer of sensitive information from a mobile device to an Internet service.
Employees who use their own devices often download and use productivity apps without informing the IT department. While this is typically done in good faith – to facilitate their work in some way – if the data in the app is not secured, it can expose corporate data to anyone who uses the same network.
Mobile security tip 3: To counter leaky app issues, IT must also create rules and whitelist apps that may be used for work. It’s also important to use mobile threat defence (MTD) solutions that scan apps for leaky behaviour.
4. Phishing
Hackers have long-used email phishing scams to steal personal and business data from desktop users. Unfortunately, it’s just as easy to phish personal and corporate information from a mobile device as it is from a desktop.
SMS phishing typically employs the same tactics as the traditional email-based phishing scams, tricking a user to provide personal information or reset their password which then sends their credentials to a malicious third party.
In many cases, employees may not even be aware of the violation, especially if no security software is used on the mobile device.
Mobile security tip 4: Again, the best defence against mobile phishing is to train your people. Make sure your employees understand the risks and types of attacks they may face, and importantly how to address them.
Original Post: 18 September 2019