SecurityBlog Take the first step towards securing mobility, there is cost of doing nothing!

 

Enterprise mobility is a great boost for productivity, enabling employees to access information, emails and enterprise information systems while on the go. However, it comes with a risk of enterprise data and applications being compromised if sufficient security measures are not put in place.

A BI Intelligence report estimated that 65% of US workers were using mobility for their work in 2016, and the number is growing steadily. This widespread adoption of mobility for business means that ensuring security is essential for all organizations today.

According to the Kaspersky Lab Threat Review for 2016

• 36 percent of online banking attacks now target Android devices, up from just 8 percent in 2015.
• Attackers made use of the Google Play Store to distribute Android malware, with infected apps downloaded hundreds of thousands of times.

The potential cost to the enterprise in case of a security breach are very high and can even be crippling for businesses. There is loss of business-critical information, direct and indirect monetary loss and reputation damage.

Emails are very commonly accessed on the mobile devices and businesses ended up paying anywhere between $20,000 to $100 M due to frauds through mobile emails.

In light of the increasing risks and high stakes, what measures are needed to ensure that mobile devices being used by employees are not compromised?

At one level, there are anti-virus and anti-malware software. However, these protect against only one type of risk, so should not be considered as a blanket security measure. There is a need to understand and plan for security at multiple levels – the device, Apps, network, Identity & Access Management.

Devices
Devices become a source of data breach if they are lost or stolen. Media, such as memory cards, can also be removed from devices. Bring Your Own Device (BYOD) increases employee satisfaction but makes enterprise security more complex.

Apps
Apps have access to the mobile device data and possibly to the enterprise information systems. They may also share this data. The most important thing is to restrict the Apps that a user can download on the device. It is important to configure Apps correctly and understand how permissions are being granted. Enterprise Apps need to be containerized to prevent data leakage. If any threat alerts

Network
Various sources of data transfer, such as the Internet network – Wi-Fi or 2G/3G/4G, Bluetooth or NFC can also be sources of data breaches.

Identity Management
Security measures that ensure that only authorized users have access to enterprise data need to be implemented. A simple practice such as requiring a passcode to access a device are also effective.

An Enterprise Mobility Management solution can put the necessary measures and policies in place to mitigate risks at each of these levels.

The Enterprise App store allows you to manage your private Apps, their upgrades and distribution to the right set of devices. You also have an ability to ‘remote wipe’ Apps and data if a device is compromised. With proper planning, policies, implementation and finally, education of users, you can get the maximum productivity from your enterprise mobility program and stay secure from cyber-attacks.

We need to keep in mind that the security needs to be implemented at various levels like Application, Network, Servers and Endpoints and there is no one silver bullet. Standardization of tools, well defined policies, and right systems help achieve overall security objectives.

 It is important to take the first step though, there is cost of doing nothing!