Five threats to mobile security and how to combat them
Mobile devices make it easy for employees to access business information whenever and wherever they need it. Venues like coffee shops make great temporary work stations, but their free Wi-Fi can be vulnerable to hackers.
To support mobile work and keep organizational data safe, give employees access to a mobile Virtual Private Network, which “A virtual private network (VPN) is a private network that is built over a public infrastructure. Security mechanisms, such as encryption, allow VPN users to securely access a network from different locations via a public telecommunications network, most frequently the Internet.”
2. Bring Your Own Device (BYOD)
Mobile workers are also often BYOD adherents, preferring to work with devices they’ve chosen themselves. There are risks, however, in mixing personal and valuable business data.
- Containerization creates a barrier between personal and company data, but is only effective if users install patches and updates as they become available and don’t modify (“jail-break”) their operating systems.
- Encryption temporarily destroys protected information when the device is locked but requires two steps to reassemble: the device’s passcode and an encryption key or passcode.
- These options may be included in a larger Mobile Device Management or Enterprise Mobility Management program. Designed to monitor and manage corporate devices, they can also ensure compliance with corporate security policies.
3. Texting
Texting can help users connect with clients and other team members. However, text messages can also be intercepted, rerouted or infected with malware.
The best way to deflect such threats is user education. Remind your BYOD users to always:
- check with contacts before clicking on unexpected or strange links
- delete texts sent from non-cellular numbers, or from strangers containing links, job offers, private or financial information requests
4. Lost and Stolen Devices
Working on the go may increase productivity and job satisfaction, but it also increases the chances of employees losing mobile devices.
- Remote location tracking apps can play loud music to help owners find misplaced devices, while lost or stolen hardware may be remotely locked or fully wiped.
- Multi-factor authentication (MFA) requires users working offsite to input, at minimum, a password and a secret, single-use code their organization texts them.
- Context-aware authentication (CAA) is a more sophisticated type of multi-factor authentication. The difference is that MFA requires users to perform the same steps every time they remotely access corporate systems. CAA, on the other hand, gathers information about where each remote access request occurs and makes a risk assessment. Based on how safe the situation is (public Wi-Fi network security, the sensitivity of the requested information, etc), the steps required to log on become proportionately easier or more difficult. .
- Biometric authentication methods, such as iris and fingerprint scanning, as well as facial and voice recognition, are still relatively rare, but are becoming more common as mobile security issues continue to grow.
5. Advances in Cybercrime
As quickly as IT experts build mobile security solutions, cybercriminals are working to defeat them. One of the best mobile security strategies enterprises can take is prohibiting the storage of critical information on mobile devices. Store everything in the cloud instead. Mobile devices may be hacked, stolen or damaged, but if they contain no useful information, security and productivity losses will be minor.