It is not unusual these days to see professionals using their own mobile devices for work-related tasks. However, the popular BYOD trend, despite its convenience, presents many security risks.
IBM performed a study to “identify if and how mobile is transforming the enterprise and what companies are doing to secure their mobile initiatives.” In summary, because using personal mobile devices in organizations is so common already and because it helps businesses gain measurable productivity, it is easy to forget that security for mobile is a bigger problem than expected.
To ensure successful deployment of mobile in the workplace, it is crucial for enterprises to understand the risks involved with mobile devices and to employ a mobile-specific security strategy.
Employee-owned devices can be supported alongside devices that are owned by the organization, but usually mobile devices are separate from company-sanctioned devices and are not supported by the company’s IT department. This means that if personal mobile devices connect to the corporate network or access corporate data, those devices can pose security threats to the organization.
Any mobile device could potentially become a part of an enterprise’s network. Because that device is owned by the employee and not confined to the company, it is more likely to be stolen, lost, or even hacked. In a study conducted by Ponemon Institute, “two-thirds of respondents reported a data breach as a result of using their own mobile devices to access company resources.”
Network and mobile security are even more imperative for industries, such as financial services and healthcare, that have developing regulatory, privacy, and operational risks. Enterprises must be aware that unprotected networks—and any unsecure mobile device connected to them—can be compromised.
Device flaws are common enough; it seems like every week there is a new vulnerability to patch. Efforts to secure the mobile environment have focused more heavily on Android devices than on iOS. However, this focus is changing, according to the National Vulnerability Database. In 2015 alone, there were 375 Apple iOS vulnerabilities.
Organizations everywhere run the risk of allowing private data to be compromised by personal mobile devices if they fail to implement mobile regulations that help protect against such vulnerabilities.
According to SC Magazine, cyber-attacks against web applications are increasing; unfortunately, security budgets for app developers remain low. And when it comes to mobile apps, end-users have a plethora of options to access enterprise systems. As a result, any corporate data linked to these apps (e.g., Dropbox, OneDrive, Google Drive, and SugarSync) can be put at risk, whether through accidental loss or calculated theft.
To better protect against unsecure apps, an article from Information-Age suggests enterprises need to “define the data and application platforms they want to enable and ensure only authorized apps can access them.”
It is possible for enterprises to allow their employees to use mobile devices while reducing the risks of a data breach or the loss of enterprise files and data. This means that all enterprises should enforce basic controls on mobile devices connecting to the central network. When implementing a mobile strategy, consider the following:
There is a growing need for mobility in businesses, but as mobile grows, so do security threats. Embracing new platforms and avenues in our online world means successively getting ahead of the risks those avenues open. Employ a solid mobile security strategy, do not downplay the threats, and stay two steps ahead of cybercriminals.