We live in a world where mobile device usage has already outpaced both desktop and laptop usage. We are also witnessing an explosion in companies going through digital transformation processes and using the cloud to store data needed to run critical business functions like accounting, finance, operations and human resources – both trends generate enormous business value and are bound to continue.
Yet, when it comes to securing our smartphones and tablets, we are less vigilant and more trusting than we typically would be with our larger screen devices. We would never run a PC, laptop or Mac computer without reliable anti-virus and anti-malware software installed, but we often forget about the risks associated with mobile device usage and tend to underestimate the negative consequences that could result from our gadgets being compromised. This is a common fallacy that affects both personal and professional mobile devices; certainly, the damage associated with a breach of critical enterprise data and security could be much more far-reaching and more costly.
Awareness of potential threats
Although smartphone manufacturers build certain protections into our phones, they are anything but foolproof. Most modern devices are built to protect us against installing unauthorised software, being spammed or duped into providing private details, but there are inconspicuous third-party apps containing malware that occasionally make it past Apple and Google’s radars. Even if apps weren’t designed to infect your system with malware, they may still compromise your privacy by asking for permissions that they don’t need. Thus, when installing new applications, users must be aware of the rights they are granting to each app. Make sure that apps can only access your data (photos, videos, files, etc.) and location for a good reason and in the course of their normal operations, rather than granting them constant access to off-limits areas. In addition, ensure your Bluetooth is off unless it’s being used, to avoid close-proximity break-ins.
Safeguarding mobile devices
Most BYOD (“Bring Your Own Device”) users combine professional and personal usage, which results in personal banking and identification data, mobile payment apps, passwords and PIN numbers, along with sensitive corporate data being viewed, entered and stored on devices that are potentially unsecured and that could be compromised by skilled intruders.
Enterprises possess valuable data to secure and need a more strategic approach toward safeguarding the devices that handle this data. They must first decide whether to allow employee-owned (BYOD) devices to connect to company networks and access data, or to provide secure mobile devices to all employees, thus significantly raising hardware costs. The alternative – turning into a mobile-unfriendly organization – isn’t even an option in the fast-paced, digital business environment we operate in.
Rethinking enterprise security
Along with the privacy and malware issues faced by all mobile users, enterprises must also contend with the risk of lost devices and stolen proprietary data, including financial information, product patents, manufacturing know-how and other trade secrets.
Mobile device management (MDM) and Enterprise mobile management (EMM) systems
Several modern-day solutions (many of them open-source) give IT administrators options for managing employee devices.
Some can be used to enforce policies such as mobile device encryption or scrambling company data on employee-owned devices, or “sandboxing” company applications and data on devices in an encrypted safe, so that they don’t mix with employee personal data. Others can remotely wipe a lost or stolen device or monitor the apps that are installed and used on a device for potential security risks.
Vetting your cloud provider(s)
Before handing over critical company information to the cloud, it is essential for savvy IT teams to assess the reliability of their chosen cloud provider(s) on multiple counts. The Cloud Controls Matrix Working Group was created to guide cloud vendors on essential security principles and to assist prospective cloud customers in assessing the overall security risk of a cloud provider. It is part of the greater CSA (Cloud Security Alliance), which has developed a framework providing detailed understanding of security concepts and principles across 13 domains. Next, understanding the cloud-based service needs of employees and sourcing enterprise-friendly versions of these services from trusted providers that meet the most stringent security standards is key to a robust, closed-loop security system.
Using cloud security brokers as middlemen, who encrypt data passing in and out of a cloud-based service, can be helpful in safeguarding that data. These companies can ensure that sensitive data is protected before it is stored on the cloud, so that even if a cloud-service provider is compromised and the data is stolen, it will be of no use to intruders.
Education and usage policies
In the end, even the most advanced MDM, EMM and cloud security setups cannot make up for user carelessness. Holding regular security seminars and communicating internally on these topics can be of real value and make a difference in how employees treat their company-owned devices and data. Having meaningful device usage policies that accompany the training, and that users can refer to at any time, is also essential. The UK government, for example, has created a BYOD executive summary, which can be used as a starting point for crafting your own policy.
Taking your enterprise security to the next level
PwC’s 2017 Global State of Information Security Survey provides insights into the existing infrastructure and policies employed by a representative sample of enterprises, along with recommendations on setting up security solutions that work.
Copywriter: Ina Danova