Mobile devices are holding centrestage today and are a gateway to countless productivity tools, entertainment resources and social networking channels.
According to IDC’s “Mobile World Congress 2014: The Enterprise Mobility Perspective,” “Enterprise mobility has so far been mostly characterized by consumerization. Smartphones, apps, mobile broadband, personal cloud storage, and social media have combined to transform consumers' everyday lives’. And this movement is global. Recognising that employees may be most productive on devices of their choice, bring your own device (BYOD) is expanding worldwide.
While these trends bring flexibility and business profitability, they have also amplified the accessibility of corporate information on premise and outside the corporate network.
This year, as a responsible organization - let’s resolve to keep a critical eye on those shiny devices walking in-and-out of the premise, by following a few resolutions to up our mobile security game.
Make the Mobile Phone the Network’s Strongest Link
Many companies think device-level security is enough to prevent data leakage and breaches, but today’s mobile threats call for deeper layers of defenses. Protecting the endpoint using just the anti-virus component of an endpoint protection technology has been insufficient for years. As mobile device management solutions become commonplace in the enterprise, it is realized that "MDM" (mobile device management) does not protect corporate data. Perhaps an integrated solution offering anti-malware (mobile security), device management (MDM), and app/data protection (MAM) capabilities is worth evaluating.
You can strengthen your security infrastructure with data loss prevention, network security, endpoint security, encryption, strong authentication, and defensive measures, including reputation-based technologies.
Educate Employees on How to deflect Attacks
Many of the large-scale data breaches from the past couple years highlight that the weakest link in security is often human error. Therefore, it’s critical that your employees understand what attacks look like and how to defend against them. Make 2015 the year of educating your users about security threats and the damage they can cause – from password strength to phishing emails to lost and stolen mobile devices.
But don’t simply rely on providing employee handbooks. Training should be actionable and include actively testing your employees by simulating real-life circumstances.
Take the C-Suite into Confidence
CIOs and CSOs must proactively counsel executives about the current information risks the company faces and explain in plain language the resources needed to transition from older, vulnerable systems, and create and test incident response plans. Make regular meetings with your C-Suite a goal in 2015. Engaging the C-suite can help IT get the security resources it needs to be successful and is critical to getting in front of issues before they become a crisis.
Protect the Operating System from Malware
Mobile devices that are connected to the internet will carry the similar security risks that desktops and laptops carry. In addition, mobile devices are slightly more vulnerable due to the ease of downloading applications from App Stores. Today, while the Android OS dominates the consumer market, it is also making headway in the enterprise space that is currently dominated by iOS globally, as result of the growing adoption of BYOD within the enterprises. No wonder then that in the last two years, it was noticed that there was a major growth from trojans and adware targeting mobile devices, mainly focusing on Android phone. According to Symantec’s Internet Security Threat Report 19, in 2013 Android was the platform of choice for malware authors with 97 percent of threat rate, as compared to other platforms.
Keep an Eye Out for the Bad Apps
To streamline business processes and enhance employee productivity, enterprises provide the workforce with relevant mobile apps. Protect your company by developing a policy item to determine which apps can be downloaded or accessed via the corporate network.
Lose it, Lock it, Wipe it
Download an app on your mobile devices that allows you and your employees to lock and wipe a phone in the case of theft or loss. Keep out prying eyes by remotely locking your device. If your phone is gone for good, wipe your data including contacts, text messages, photos, email, browser history and user accounts (like Facebook, Twitter and Google).
Update, Update, Update
Make sure that employees get in the habit of updating apps as soon as they are prompted to. Software updates can include fixes to new vulnerabilities and exploited security gaps.
Don’t Let Mobile Security Be a Blind Spot
With so much personal data on our devices and mobile malware on the rise, our mobile now needs the same attention given to PC protection.