Mobility is essential for a successful company, but the challenge is securing all that data.
Today, employee mobility and office BYOD programs are critical for enterprise productivity. Mobile devices add new security challenges, bypassing many of the security controls you have in place. Mobile devices, mobile apps and the networks they use are now essential to satisfy customers, collaborate more effectively with suppliers, and keep employees productive anytime and anywhere.
Unfortunately, increased connectivity often translates to increased security threats. Gartner predicts that by 2018, 25 percent of corporate data traffic will flow directly from mobile devices to the cloud, bypassing traditional enterprise security controls. Hackers are constantly innovating to target your organization and mobile devices have become their path of least resistance. John Michelsen, chief product officer at Zimperium, shares seven musts for any BYOD program to successfully thwart mobile cyber attacks.
1. Understand mobile privacy concerns
Employees don’t expect personal privacy when operating a company-owned computer. Therefore, surveillance-style security solutions meet little resistance from users. But when employees bring their own devices to work, monitoring web searches and email content becomes a major violation of privacy. Enterprises must develop mobile security strategies meeting the staff’s privacy expectations and security requirements set by IT.
2. Recognize EMM solutions are insufficient
Many organizations accept Enterprise Mobility Management (EMM) solutions to protect their mobile ecosystem. While these solutions are great for managing security policy compliance, they cannot detect cyber threats on managed devices.
3. Know the three layers of mobile vulnerability
Desktops and servers are hard enough to protect, but don’t underestimate mobile devices. You need to understand how mobile devices can be used against you for potential attacks:
- Devices can be compromised via risky configuration settings or vulnerabilities in the operating system like Stagefright or Trident.
- Networks provide easy conduits for attacks since devices autoconnect or users are starved for bandwidth.
- Applications with malware installed or have been improperly developed can bypass protection mechanisms and steal sensitive corporate and personal data.
4. Ensure all devices are running the latest software
Outdated mobile operating systems are extremely vulnerable to known exploits that have since been patched. Mobile security company Zimperium indicates 60 percent of mobile devices in a BYOD environment are operating on outdated OS versions.
5. Beware of imposter apps
Zimperium data shows 1 percent of mobile devices are infected with malicious apps. This poses a significant risk for enterprises with thousands of employees. To reduce these risks, companies should limit connectivity of infected devices to corporate resources.
6. Make network threats a priority
While malware apps are definitely an issue, there are even larger threats at play. Zimperium found network threats are 15 times more common than application threats. Educating employees about the dangers of public Wi-Fi is essential to a strong BYOD program.
7. Develop a real-time proactive strategy
Gone are the days of post-attack detection. Enable your IT teams with a method to identify and remediate cyber threats in real-time to eliminate mobile devices from being used against your organization.