Do you think today’s mobile devices are more secure than their predecessors? If so, think again. According to Gartner, security issues related to mobile technologies should be a top priority. As technological innovation continues and the bring your own device (BYOD) trend hits the workplace, the struggle intensifies to ensure every data endpoint is secured. What has your strategy been?
If you are looking for inspiration, here is my list of the trending mobile security issues in 2012….
Tablets are the new fever gripping the workforce. Packed with better multimedia capabilities, performance, power and rich computing features, tablets are slowly and steadily replacing laptops in the boardrooms, and have become the preferred tool for giving demos, presentations and displaying reports. But are tablets safe for enterprise use? As employees use their personal or corporate owned tablets to access corporate resources, they may unknowingly open up the network for online exploits. Thus, it is mandatory to deploy an inventory tool to keep tabs on your enterprise tablet population and its activity.
Apps play an important role in defining our smartphone and tablet experience, but they can be often hard to control. Users often bypass patch updates, and unpatched applications leave open security holes that may act as a gateway for malicious online activity and phishing attacks. IT's perception of app management should remain simple – protect mobile devices by protecting their applications. Many admins will turn to an enterprise app store (EAS) to seize control of their app ecosystem. There are other elements of app management that must be taken into account for complete control. Using a mobile application management (MAM) solution, the admin can Whitelist or Blacklist apps, push apps to specific groups, and even leverage Apple's volume purchase program (VPP).
Jailbroken and Rooted Devices
Removing manufacturer limitations from an iOS or Android device creates a soft target for cybercriminals. These devices are not only deprived of vendor-issued security updates but can also easily bypass any enterprise security controls. A malware developer can easily launch malicious apps and make the device vulnerable to phishing attacks. Thus, it is important to detect a jailbroken or rooted device and prevent it from connecting to corporate resources.
Today’s mobile market is diverse and is flooded with different types of mobile devices like USBs, wireless printers, ultrabooks, etc. Thus, there is an emerging lineup of mobile devices on which sensitive and corporate data may reside. IT administrators must focus on not only keeping an inventory of their in-house devices but also enforce different user security practices. They must encourage their employees to encrypt the data on every mobile device they own. They must have software that facilitates remote wipe, backup and restore in case a device gets lost or stolen. Missing OS updates can comprise the security state of the device. Thus, IT admins must deploy a mobile device management (MDM) strategy that can:
- Manage different types of devices
- Monitor user activity on these devices
- Create and deploy different policies for different devices (based on user needs)
- Generate notifications and warnings for owners and IT admins about the secured state of the devices
Bring Your Own Device
Careless and complacent employees pose greater threats to enterprise security than a cyber-criminal or foreign intruder. Employees must follow smartphone and tablet best practices to prevent any data mishaps. They must at all times ensure that their screen is locked, ensure that sensitive data is well encrypted and must only connect to secured or private wireless hotspots. BYOD employees must ensure that they do not engage in unsecured web browsing and use recommended VPN solutions to connect to enterprise resources. Employees must be well aware of best practices for using BYOD devices at work and relevant corporate policies that they must abide by to avoid any severe penalties.
What have been your prime mobile device security concerns, and how do you plan to overcome them? Do have any more to add to the above list? Please share with us your experiences below.