5 Things We’ve Learned About Mobile Security in 2014
In light of the recent Sony hack, enterprises are scrambling to look at their own IT infrastructures to identify data leakage and security gaps. In today’s connected enterprise, all endpoints should be considered a threat vector, and as mobile devices and connected peripherals are increasingly accounting for a higher percentage of endpoints on which employees conduct crucial business tasks and connect to enterprise networks and resources, mobile security and management should be one of the top three areas that need to be scrutinized.
1) Employees – the biggest risk to corporate data
Enterprises without mobility strategies / policies and a means to educate their employees regarding mobile device use are allowing their corporate data to be accessed and potentially compromised, by staff using their own personal devices, to access corporate data and they’re likely doing so via insecure networks (Listed as a threat vector below).
It’s very likely that jail broken and rooted devices have been exposed to malware and viruses that could easily access corporate data. There’s nothing stopping rogue applications from spreading throughout a connected enterprise’s network. It is paramount that connected enterprises employ security solutions that can detect and isolate compromised devices from corporate resources.
2) Unclear corporate policies
The lack of a systematic approach to corporate IT and mobile security continues to endanger corporate data – everyone from C-Suite to interns and temps decide what devices they will use to access corporate content and networks. As the decision is no longer exclusively controlled by IT, the employment of an EMM solution that can manage multiple device platforms and operating systems becomes a necessity.
3) Lost, stolen or hand-me-down devices
Lost, stolen and even hand-me-down devices pose a threat to an enterprise’s security. Devices that are not secured with a password and a solution that can “WIPE” the corporate content that resides on the device and remove a device’s access to corporate data can allow ongoing access to unprotected data by unauthorized parties.
4) Open WiFi Networks
Telecommuters often use public WiFi hotspots – especially those who work from a coffee shop or even when traveling and are risking the security of their personal data and any corporate data that resides on their devices. Employees on open networks can easily fall victim to data interception, rogue apps, and wireless phishing scams at the very least. These attacks, apps and scams can easily compromise devices and data alike.
Passwords are not always the best approach to security, especially in circumstances where employers / IT departments set strict rules and require highly complex alphanumeric and symbol combinations. Employees will simply save their passwords in a document on their desk or even on their device (laptop, tablet, mobile phone), because they can’t remember them - making their accounts easy targets. Certificate based authentication can be enabled by IT to have a strict authentication requirements while also enabling easy user access.
Security should be top of mind for every CIO and their ever-changing connected enterprise. Addressing the issues above by implementing stronger IT security policies and enabling a mobile work force with a strong EMM solution can be the first line of defense against corporate data loss.