Mobile Device Breaches Present Growing Risk for Connected Businesses
Creative Commons - Unsplash https://unsplash.com/search/tablet?photo=unRkg2jH1j0
According to a new Checkpoint survey, one-third of security professionals believe a company mobile device, when breached, presents a greater risk of data loss than a compromised laptop or desktop computer. In the same vein, one-third of security pros say their companies fail to adequately secure mobile devices.
Overall, one in five say their company has experienced at least one mobile breach. Meanwhile, 24 percent don’t know whether a company device has been compromised, suggesting they have limited visibility on the devices that access their data. Additionally, 64 percent admit they doubt they can prevent attacks against mobile devices, 79 percent say securing smartphones and tablets is becoming increasingly difficult, and 94 percent of respondents say they expect attacks against mobile devices to increase.
The Complexity of Mobile Device Security
Most companies purchase and issue a limited number of desktop and laptop computer brands. The mobile device ecosystem, on the other hand, is much more complex. In companies that have a bring-your-own-device (BYOD) policy, employees connect to the network with a wide range of devices. These end points use different operating systems, roll out security updates at varying speeds and have different policies on third-party app downloads.
Also, while most laptop and desktop computers have security suites that protect them from known threats like malware and malicious websites, the market doesn’t offer on-device security solutions for every type of mobile device. Additionally, because mobile devices are carried to more locations, they’re more likely to be lost or stolen. Without enterprise mobility management (EMM), businesses can’t remotely locate or wipe lost and stolen devices.
Because users appreciate the convenience, they often jump online without considering the security of their connections. This generates vulnerability for companies with a BYOD environment. While employees may not log into company network directly through their mobile devices, company data stored on their smartphones or tablets is put at risk as they access those devices through nonsecure Wi-Fi. EMM is vital to business success, as it allows companies to partition business and personal data while enforcing device encryption.
Developing a Mobile Policy
Mobile security, according to Sophos, starts with understanding risk, particularly when it comes to protecting data in the context of regulatory compliance. Sophos recommends mapping out the risks mobile devices introduce to the network and then deciding which risks to manage and which to try to eliminate.
Within each company’s risk profile, IT can evaluate a range of mobile security options, from a virtual private network to a comprehensive EMM solution. In addition to protecting on-site applications and data accessed or stored on devices, IT should consider beefing up its cloud storage security and developing guidelines on authorized applications for employee devices. Even EMM can’t protect companies from every attack vector. Employees need ongoing education regarding phishing, short-message service phishing and sophisticated social engineering attacks.
Mobile attacks are only going to become more numerous and more sophisticated over time. While it’s a balance easier said than done, companies must gear up for the long fight. The only way to adapt to tomorrow’s threats is by executing mobile security today.