There’s an increasing threat to mobile devices all over the world and it’s not difficult to wonder why. The number of those small mini-computers we carry around in our pockets has literally just exploded – an estimate observed that the number of mobile-phone users is expected to cross a staggering 5 billion in 2019.
Mobile phones are everywhere and hence, they play increasingly integral parts of our lives. They are as much a part of the average employee’s work time as well as personal time – whether, it’s sending emails or scheduling meetings, in the case of the former, or using the mobile to watch movies, speak with people and stay entertained.
Obviously, enterprises find themselves in a tricky situation. On one hand, it is important for them to maintain a strong information security framework so that their data stays secure. However, with workers doing so much of their work on mobile devices along with a lot of personal work as well, the lines can often get barred. Cyber criminals are aware of this and have stepped up their focus on mobile devices.
Some of the major security risks that have risen on mobile are:
- Lack of physical security: Desktops cannot be moved easily and laptops can be locked to a stationary structure but handheld devices, such as smartphones can be easily stolen. The thief also gets open access to the data on the device and to the enterprise through enterprise applications installed on mobile.
- Untrusted networks: While traveling, users routinely connect the devices to untrustworthy networks (Wi-Fi). It could be at cafes, restaurants, airports, and other social places. These networks are not secure and extremely prone to hacking.
- Untrusted applications: Games, social media apps, and many other apps read the data from the device and upload it to their servers. This is a threat to corporate data stored on mobiles. Personal apps on devices are usually one of the biggest threats to data safety.
- Interaction with other systems: Users connect mobile devices to their personal laptops and other desktops to transfer music, videos etc. These computers pose security danger for the enterprise data saved on the handheld.
- Untrusted mobile devices: Most personal devices are untrustworthy. They may not be upgraded to latest OS and patches are also not frequently updated thus leaving the device insecure. Employees tend to avoid upgrading immediately to save on data streaming and may also try to jailbreak the device to play and experiment with it. In case of organizations supporting BYOD, this increases the threat.
Here are a few steps that organizations should take before provisioning handheld device on the enterprise network and issuing it to the employee.
- Enforce general security policy: All devices must adhere to the security policy which includes the following:
- Restricted access to hardware such as camera, USB interface, Bluetooth, and removable storage.
- Restricted access to native applications such as email client, calendar, built-in browser, contacts etc.
- Manage Wi-Fi network interface, including enforced security protocol for all connections.
- Limit or prevent access to enterprise services based on rooting or jailbreak status to ensure only secure devices access the company’s information.
- Select only the most secure devices in the market to integrate with enterprise infrastructure.
- Data communication and storage
- Ensure strong encryption for data connection to enterprise networking. Enforce use of VPN to connect to the network.
- Enable strong encryption of data stored on the device. Bind the removable storage to that specific device using encryption techniques.
- Remotely wipe the device if it is reported lost or stolen or otherwise become untrustworthy.
- Auto-wipe the device after a specific number of unsuccessful authentication attempts.
- User and device authentication
- Enforce strong authentication using a one-time token or 2-factor authentication to access enterprise network.
- Enforce auto lock when device is idle for specific duration (e.g. 5 minutes)
- Enable remote lock to allow locking of the device-based on suspicious behavior on the device.
- Enable remote reset of the
- Deploy a Mobile Device Management(MDM) solution like Seqrite mSuite to manage all the devices across the enterprise.
- Applications (Apps)
- Allow the use of only specific app stores to install applications.
- Restrict the applications that can be installed (using white-listing or blacklisting)
- Restrict the permission allowed for apps (e.g. camera access, location access, screenshotetc)
- Distribute enterprise applications from a dedicated mobile app store.
Mobile devices by their very nature are prone to hacks. However, with proper device management, they can be used securely to ensure that organization’s information and network are not put in any danger. Commercial Mobile Device Management (MDM) software makes the administration of handheld security easy and manageable and integrate into organization’s overall security infrastructure. With proper security implemented, mobile devices can truly provide the productivity improvements that they promise.
As an IT security partner for your business, Seqrite provides comprehensive security from advanced cyber threats. To know more