As more organizations extend network access and application support beyond traditional desktops to other communication devices like laptops, smartphones and tablets, IBM reports that 76 percent of CEOs and IT managers listed security as their most significant mobile enterprise challenge. This concern has taken on even greater significance because employees are bringing their devices to work (BYOD) and storing sensitive company data on them.
Corporate-level executives see iPhones, Window phones and Android devices as opportunities to become more cost-efficient, improve communications and increase revenues and profits. However, they must make sure these devices are secured—which is mission-critical to a business's overall security.
Still, companies cannot block personal usage of mobile devices, and if they could, they would frustrate the users who would therefore have a lower adoption of their working device.
Here are five key areas of risks when it comes to mobile security:
1. Theft and loss of mobile devices
One of the biggest worries management has about mobile security concerns confidential information that can be compromised when these devices are lost or stolen. Of the companies participating in a survey, 57% of the respondents state that they experienced a loss what that of a mobile device. Almost 50% of the devices contained sensitive business data.
2. Loss of company data and files
The comprehensive integration of network communications with business processes allows end-users to access the system from public Wi-Fi hotspots using wireless devices. Consequently, organizations find their networks more vulnerable and data becoming more difficult to protect.
Once a network breach occurs, businesses can suffer regulatory, legal and financial consequences. In addition, a loss of reputation can seriously undermine a company’s brand and could possibly put it at a competitive disadvantage.
3. Cybercrime rising with the use of mobile devices
From mobile banking transactions to healthcare dealings, the proliferation of mobile channels and apps have changed the workplace and the marketplace. Although mobile solutions have grown in their sophistication and complexity, these attacks have become increasingly difficult to identify and prevent.
According to Gartner, as organizations increase mobile functionality, transaction volume and value will grow at an annual pace of 42% through 2016. So will stealth attacks and evasion techniques to compromise mobile security.
4. Mobile Malware and app risk
McAfee reports that Malware targeting mobile devices has increased significantly. Attacks on the Android platform climbed 33 percent in 2013 and will continue through 2014. IT security managers should expect more diverse attacks aimed at mobile devices, especially threats designed to encrypt company data and hold it for ransom or undetectable dangers designed to corrupt valid apps. As more companies encourage BYOD, the potential for end-users to download malware will make corporate networks more vulnerable.
5. End-user Behaviour
Companies spend lots of money to come up with techno-solutions that make your network more secure. However, there is not anything that can make your system more secure than changing the behaviour of the people who use it. For example, everyone knows that strong passwords can prevent many security breaches. However, storing sensitive work on a laptop or leaving a smartphone on a subway train could compromise confidential data or expose your network to malware attack.
Tips for improving mobile device security
Given the growing use of both personal and company-owned mobile devices, security and device management must become a high priority within your organization. Today’s security solutions must provide you strategies for managing mobile devices in a straightforward manner that leverages your existing infrastructure.
Mobile security starts with having reasonable policies and plan in place. You will need to consider a variety of elements prior to establishing your policies. For example, regulatory requirements like Sarbanes-Oxley, HIPPA and other directives govern the security of sensitive data on mobile devices. Some other factors that must be considered include:
Industry concerns: Assurance that customer information and sensitive corporate data remains private and secure from unauthorized sources, such as your competitors.
Emerging trends: How to support BYOD on the company network.
Flexibility: Strategies must be able to accommodate current and future needs as mobility evolves.
Take an inventory of all of the devices currently in your environment. Identify the platforms and if they have the security features you need. Determine how you will balance the security attributes with end-users features and apps.
Create mobile security plans/policies that are simple and easy—with end-users in mind. Make sure that the plan includes the purpose, application, scope, responsibility and consequences for non-compliance. Effective communication is also an important aspect of your security strategies.
Involve your employees in the process from the start to help them understand their roles in safeguarding client data and corporate confidentiality.
Companies need to create proper “zoning” between personal and professional content to maintain business data integrity, prevent misuse, and protect data.
As mobile security needs continue to expand and evolve, keeping endpoints secure, compliant and operating at peak performance requires the proper tools to help manage both physical and virtual assets. Consider deploying a cost-effective solution such as the MobileIron MDM to help centralize management and security.