In the present day, employees are king, bringing with them (into the network) not one, not two, but sometimes three or more personal devices that have little-to-no corporate-approved applications; yet they connect to the corporate network and chat, e-mail, talk and connect to the cloud. These devices are highly customizable, unlike enterprise-issued laptops, which typically have many restrictions tied to them in terms of what applications the employee can install. Therefore, the employee has a personal attachment to these devices and swears by them both inside and outside of the office. This phenomenon, which could be brushed off as an anomaly just a few years ago, is becoming the norm in enterprises today.
Mobile device security is not a problem that you can just wish away. Employees will do things they should not do, such as pick up malware from a free app they just downloaded to their BlackBerry. That leaves you — the IT professional with corporate responsibilities — to be accountable for preventing security breaches when possible and remedying a breach after it happens.
Common threats to mobile device security include:
- Mobile Phishing and Ransomware – As with PC scams, hackers use social engineering through mobile apps and SMS text messages, exploiting human behavior and trust to gain access to data or infiltrate businesses. Malware then ends up on the user’s PC.
- Cross-Platform Banking Attacks – Attackers are using malware on PCs to infiltrate mobile phones in hybrid attacks on users’ bank accounts. Adding to the scam, thieves post a warning message such as “for increased security, download this app,” and they ask for the user’s phone number and email address to send an SMS text message or a link to download the malware.
- Cryptocurrency Mining Attacks – Ever wonder why your mobile device is losing battery power too quickly or why it feels overheated? You might have cryptocurrency mining malware on your device. The malware infiltrates mobile devices in search of digital currencies, like Bitcoin and Litecoin.
Lost or stolen devices are ticking time bombs until deactivated. Anyone with malicious intent who has possession of these devices can access your network and the assets inside it, leaving your business highly exposed.
A mobile device typically leaves its user's hands in one of three ways:
- Loss – Mobile devices are small, so your employees can lose them a lot more easily than they can lose a desktop computer. Mobile devices can also easily slide out of your employees’ pockets or purses.
- Theft – Smartphone devices are very attractive to thieves because of their popularity and resale value.
- Replacement – Employees like to periodically upgrade their old phones to newer, sexier devices and as a result, sell or give away the older devices. Why do you care? Because these devices frequently contain proprietary enterprise information that can fall into the wrong hands.
Companies are realizing that they need to be equipped with tools to protect the enterprise and its users. Companies such as MobileIron, Juniper Networks, Lookout, and others provide security applications that are available on a variety of smartphones with the express purpose of providing a secure experience including antivirus, URL filtering, malware detection, encryption capabilities, and so on. AirWatch by VMware offers an SMS solution with robust encryption and authentication to augment the somewhat-weak security built into SMS messaging.
The tools for enterprise mobile device security are increasingly available. You can start to experiment and roll out solutions to enterprise network users. The ubiquity of devices and their operating systems means that any solution you employ needs to support at least the top smartphones in the enterprise, so that it covers the broad base of smartphone users.
By: David Campbell