Most people are never far away from a tablet, smartphone or both. In fact, according to a Bank of America survey, more people reach for their phone first thing in the morning than a toothbrush or cup of coffee.
Yet our attachment to our phones brings new risks. With the advent of BYOD in the workplace, businesses must face the fact that their corporate data could be compromised. Every mobile device connected to the corporate network or running business applications can be an entry point for an attack.
Complacency isn’t an option. Here’s what businesses need to know about mobile security in 2017.
The Mobile Threat Landscape
In today’s world, mobile threats abound. Here are some reasons why:
- Mobile devices are easy to misplace—or steal. Once a phone is in the wrong hands, it is easy to get around a passcode or other security device.
- Hackers trick users into opening malicious links and attachments. Increasingly, text messages with malicious links are being utilized. Android devices are particularly vulnerable.
- Devices can be attacked through a variety of means, including SMS and MMS messaging services. Attackers may gain control of the device or attempt a distributed denial of services (DDoS).
- When mobile devices are connected to public WiFi networks, they are vulnerable to man-in-the-middle attacks that spy on users or hijack devices.
- Insiders can intentionally or unintentionally enable attacks by downloading malicious applications or transmitting data.
- Spyware can control devices remotely, oftentimes tricking users into revealing personally identifying information.
- Malware tricks users into disclosing information, including Apple ID and password information and log-in IDs to e-commerce websites.
Signs You’re Complacent
Are you prepared for these mobile threats? Many businesses aren’t. Diligently assess your business. If any of the following apply to you, your mobile security could probably use some shoring up:
- You don’t have a formal BYOD policy in place for employees, or your policy hasn’t been updated in a year or more.
- Many company-owned devices are missing.
- You don’t require employees to update the OS on their mobile devices regularly.
- You are not currently deploying app reputation software, which helps businesses regulate the apps downloaded to devices.
Mobile Security Best Practices
If signs show your mobile security is lackluster, consider adopting these best practices to improve your posture:
- Develop a mobile device usage policy that describes how employees should use devices while on and off-duty. This needs to be created by a lawyer. Precedents have been set where companies have been sued for remotely wiping BYOD devices.
- Make sure that all current and new employees understand the policy, and agree to comply in writing.
- Make sure that your security policy is simple for employees to follow.
- Adopt best practices for passwords, encryption and remote wipe.
- Deploy a mobile device management (MDM) platform.
- Create a system for backing up your data and recovering it when necessary.
While there is no foolproof method for cybersecurity, taking these steps will do much to reduce your risk. So will consulting with a managed security services provider like Ascend Technologies. Our team can deliver the advantages of best-in-class technologies to protect against mobile threats.