Today, enterprise applications and data are being accessed using smartphones and tablets by an increasingly mobile workforce. This shift introduces unprecedented risks and challenges for safeguarding enterprise data and assets that IT organizations must now face. Major mobile security concerns include device loss, data leakage and unauthorized access to corporate resources.
Corporate email, files, and documents that are shared using mobile devices may contain sensitive information that needs to be protected to guard intellectual property and meet regulatory compliance requirements. Transactional access to corporate data using mobile access and payment methods needs to be secured. Also, organizations need to rethink perimeter defense and security policies in the context of distributed mobile access.
Here are five prescriptions that could form the baseline for mobile security in the enterprise.
1. Use passcodes. You’ll be surprised how few people lock their phones with a passcode. If you find a phone in an empty office, taxi cab, shopping mall or a restaurant table, chances are that you can simply swipe, open the phone and access everything on the phone. Fortunately, the younger generation who grew up with smartphones acquired the good habit of locking phones with strong passcodes, if only to protect their private information from friends and family. But this may not be true for most of your workforce. Remember that mobile devices are endpoints too and you need to protect them just as you control access to notebooks, desktops, and servers.
2. Upgrade to the latest Android version. If you have iPhones and iPads, it’s likely that you’re on the latest iOS release, but that’s not true for Android. Mobile threats grew more than six-fold in the past year, but according to Google reports, less than five percent of users are running the latest version of Android. Delays in carrier rollout of upgrades is one reason for this, but users don’t even upgrade to the latest Android version available from their carriers, which can mitigate more than three fourths of existing Android malware threats. Now is the time to upgrade and protect devices from malware!
3. Don’t use open public Wi-Fi networks. Public Wi-Fi is dangerous business because your communications are open to everyone else on the network, and you run the risk that a miscreant may hijack your session. If you must, make sure to use an encrypted network and access data only via VPN and secure HTTPS sessions. Also, know that you pay a price for free Wi-Fi – your privacy, because your every move can be tracked by the sponsor.
4. Use MDM app (mobile security solution) to remote lock, locate, and wipe device. Smartphones are easily misplaced, lost, or stolen. You can use a pin number to remotely lock the device and SIM card, wipe sensitive information from device memory and remotely turn on the phone’s built-in GPS to locate a lost or stolen device.
5. Protect your data. Encrypt sensitive information with strong keys as soon as it is acquired, so there is no data traffic in the clear. Data at rest in storage, servers and devices as well as data on the wire (and over the air) should remain encrypted as they are used, stored or moved and eventually decrypted only by the intended receiver.
You will also need a cultural change to be successful in safeguarding information in the brave new mobile world. Become defensive. If you’re mindful of your surroundings and risks, you can adjust your attitude and behavior and promote self-defense. Assume that someone is listening and watching. Someone always is. Assume you’ve been breached, without becoming excessively paranoid.
Carelessness of the user can help a thief and promote malicious behavior. In order to ward off intrusion and data breach, the user must be careful not to leave the device open without a password, ensure that only the minimum necessary permissions are granted to applications added to the mobile device, and stored business data on the device are protected. Careful users can defeat many common attacks and help safeguard corporate data and assets.Tags: mobile security