Vulnerability to data loss from compromised mobile devices and apps is a significant worry for CIOs. Where is the danger coming from and what can be done to mitigate it?
Mobile is sitting high up the priority list for CIOs. New IDG research shows 64 percent of enterprises rank mobile as a top priority. They see mobile access as key to improving internal communication, making decisions faster and cutting costs. Mobile comes with challenges, too. Top of that list is security, say the IT leaders IDG surveyed.
- Data leak prevention
- Intrusion detection and prevention
- Managing access to data
- Preventing data loss when devices are lost
The concerns of IT leaders are easily justified. Of those surveyed, 82 percent said mobile devices can access most of their corporate data. As more enterprises introduce bring-your-own-device policies, more data will be put at risk.
88 percent of Android devices are vulnerable
University of Cambridge computer scientists recently found that the infrequent release of security updates for Android devices has left 88 percent of them vulnerable to at least one of 11 critical security flaws.
Apple is not in the clear. The nature of iOS makes it hard for the same analysis to be done on iPhones and iPads, but the researchers said they expected the same level of vulnerability in the Apple ecosystem.
The sources of the danger
An employee downloads a game infected with malware or connects to an unsecured WiFi network. The routes to compromise are many and easy to conceive. Once the malware is installed, it begins hunting for or capturing corporate data using the device’s access.
The greatest concern in these scenarios is the general lack of visibility that IT administrators have into potential mobile security issues.
Given that the growth in mobile usage is unstoppable (desirable, in fact), mitigation of risk is the only remaining approach.
A separate network for BYOD (bring your own device) devices gives you a checkpoint to make sure personal devices and mobile apps are validated. A master security policy can set out exactly what information mobile devices can access. Secure mobile access solutions with context-aware authentication, network access controls and a virtual private network (VPN) help restrict access to authorized users and mobile apps on validated devices.
- If you develop and deploy your own enterprise apps, put them through a security vetting process
- Treat mobiles like laptops permanently connected to a network outside your control
- Know what applications your staff use to access your data
- Where possible, encrypt data at both ends of the transaction
- Protect data first and the device second. (Your mobile data management system should allow you to wipe a device remotely. Losing data on a server is a far bigger headache — loss of business, furious customers, lawsuits…)
If your organization has users who are not security-savvy, it is time to change that. Educating your employees and providing them with training should be top of mind, as it can severely affect your organization.