Mobile tech has provided enterprises with a capacity to communicate within the organization and to reach out to customers, wherever they are, that has changed the way we do business - and those changes are far from complete. It’s a huge leap forward, but the landing won’t be soft unless security catches up with communication potential.
In an age when the majority of data breaches don’t come from hackers, leaks, phishing scams or viruses but from people simply losing their devices (or the devices being stolen), it’s clear that a device that has or allows access to confidential customer information is worth far more than the value of the device itself. A missing smartphone can bring a company to its knees.
How can businesses guard against the threats to mobile data security?
1. Ensure Devices Have Data Destruction Capabilities
Devices can have software installed that allows a company to remotely wipe the device if it is thought stolen or missing. More than 50% of mobile devices have some kind of sensitive information on them so it makes sense from the individual’s point of view too, but if workers are ansty about management nuking their iPhones it’s possible to sandbox the ‘work’ part of a device and install wipe software only on that partition. The capacity to retrieve your data even when the device on which it’s held is missing is the flipside of cloud and BYOD, something that’s needed to cope with the contemporary threat.
2. Avoid Public Networks
And teach staff to avoid public networks too. Some unsecured public networks are set up for the sole purpose of attracting users in order to steal from them! Others are simply open networks, but that means you don’t know who you’re sharing the network with or what they might be looking at. On an unencrypted network, anyone else on the network can see what web pages you’re looking at, and what you’re typing on those web pages. Yes, that’s bad if it’s your bank details, but if it’s your work network password then it doesn’t matter how good a password it is: it just became worthless.
3. Install Remote Locators on Mobile Devices Used At Work
Remote location can allow lost or stolen devices to be tracked and recovered. Often, devices have merely been mislaid, and it’s best to avoid nuking someone’s precious tablet or throwing away data and the work it represents if you can use remote location to reassure a panicked employee that the ‘missing’ device is in their apartment after all!
4. Sandbox Business Applications
Mobile devices are app platforms. On mobile devices, most people spend more time online on apps than they do using browsers. But not all apps are benign. Some collect data without warning users. Enterprises face a far greater threat from the millions of generally available apps on their employees’ devices than from mobile malware, a situation that isn’t helped because the default settings on these apps usually allow a degree of data gathering that individual users might not feel comfortable with - and business owners and CIOs certainly wouldn’t.
Enterprise users casually give these riskware apps sweeping permissions, not realizing that their personal and corporate data may be sent to remote servers and advertising networks all over the world. And once your data is on someone else’s server you have no control over it: it can be mined by cybercriminals and hostile governments seeking access to corporate networks.
5. When is a Device Not a Device?
In other words, all the security threats we’ve discussed so far pale into insignificance when compared to the simple fact that a mobile device is a gateway to the cloud - specifically, to your corporate cloud. Attacks on mobile devices are increasingly oriented toward compiling information to be used for later attacks on servers.
Interested in Protecting Your Customer's Data With Mobile Security?
Fill out our contact form or
