Mobile security in the enterprise

The impact of mobile devices is often an afterthought, even though they have come to dominate both the every personal and professional sphere.

Prior to this they were tools for nothing more than voice communication, and with the exception of the Blackberry that was designed with security in mind, security was not initially a compelling element of their functionality.

A recent report by Statista revealed that by 2018 there will be 2.53 billion smartphone users worldwide. A dramatic increase from 1.57 billion in 2014.

As their alluring combination of functionality, convenience and connectivity grows, making them an almost perfect platform for business productivity, security is now seen at the key challenge for those tasked with mobile device management. Mobile usage at work is predicted to continue to increase with IA recently reporting that three quarters of Europe’s workforce will be mobile by 2018.

This growing sophistication in technology and the proliferation of mobile devices is changing the workplace dramatically, but in doing so, it is presenting added security issues for businesses.

Mobile working is here to stay

Increased mobile activity in the workplace is a hotly debated topic. The debate over whether or not mobile devices improve productivity often crops up with statistics giving good arguments for both sides. A recent survey by CareerBuilder has revealed 55% of hiring managers believe mobiles are detrimental to workers’ productivity.

>See also: Building enterprise mobile apps for business the right way

Despite this the benefits of mobile working are clear to see. It enables employees to access work files from anywhere, at any given time, helps reduce travel costs and improves employee’s work life balance.

But, flexible working can also present a problem. Doing work over a cappuccino in a cosy café may appeal to many workers and the free Wi-Fi offered by the coffee shop allows this to happen, however connecting to free hotspots can leave workers open to security threats and breaches in important corporate data. So, it would be natural to assume that most enterprises would implement a VPN solution to protect this, but how many actually do?

According to a recent survey by Toshiba over half of employers in Europe are worried about the security risks mobile working can bring to their business data. These concerns are completely rational with recent high-profile network breaches damaging both the operation and reputation of large organisations.

Where in the past malware attacks via mobile phones were rare, there is now a growing trend in mobile malware incidents with McAfee Labs detecting over 1.5 million in 2017 so far.

However, despite these concerns, according to Egnyte 65% of companies now allow personal devices to connect to their networks.

The security risks of mobile working

The high number of mobile devices now connected to the network poses a challenge for IT departments. With 79% of security professionals questioned in a recent survey by Dimensional Research saying that the difficulty in securing mobile devices was growing.

>See also: It is time for enterprises to embrace mobility?

The overload of devices connecting to the network also makes it harder for IT departments to authenticate and determine just exactly who is accessing the network and important data. For this reason, traditional security tactics such as firewalls, IPS and anti-malwares are no longer enough.

Another authentication issue that impacts mobile security is password breaches. We all know someone who has had their social media account hacked or personal shopping account for an online store hijacked and this is mostly down to weak passwords. However, recent reports in IA also show that many users in the UK never log out of their mobile applications including their online banking.

Reports like this make for worrying reading considering many companies now rely on the use of applications for a number of business critical functions, meaning that sensitive data can easily end up in the wrong hands.

Even more concerning is the admission that more than half of the people surveyed in the UK don’t even have a password set up to protect others from accessing their mobile, which heightens potential security breaches even further.

When it comes to data security in general a fifth of IT professionals feel that employee complacency is a major factor in data security breaches but with the recent high profile attacks and widely reported damage that cybercrime can have on businesses, many organisations have stepped up security software.

>See also: Enterprise mobility management: the mobile device at work solution?

However, when it comes to mobile device attacks security professionals seem less prepared and less confident with further findings from Dimensional Research’s report disclosing that 64% of the IT professionals were doubtful that their organisation could prevent a mobile cyber attack and 24% of them were unable to detect whether they had been attacked or not.

This common lack of knowledge filters down through the company, so it comes as no surprise that some workers presume their smartphones are immune to such attacks.

Preventing mobile cyber-attacks

The above reports and statistics highlight how the onus isn’t solely on the IT departments. Educating employees about the risks that mobile working can bring and how to minimise this risk is key. And with 94% of industry professionals in Dimensional Research’s survey predicting that mobile attacks will increase, making sure everyone is up to speed on the latest scams can seriously minimise the threat of data impeaches

Learning from past breaches can help a business to prepare for future attacks. What happened? What part of the organisation’s security let them down? And how can your business prevent the same thing from happening?

These findings can then be used to inform a clear mobile security strategy based on a security assessment to highlight the areas where a business is most vulnerable to potential breaches.

>See also: How the Internet of Things is impacting enterprise networks

Mobile device management (MDM) software should be utilised to secure the devices within the enterprise and it’s critical that IT departments have the capability to add or remove devices from the system to ensure sufficient network efficiency and security, but this service needs to be agile, as app updates, including security patches, require timely installation.

>See also: Mobile technology: giving CIOs peace of mind

Simple steps like password protection using two-factor authentication will also help strengthen security with two stages of confirmation required when accessing company documents or systems.

While it may seem like there are many worrying reports and statistics on mobile security there’s also support and resources for businesses looking to embrace the challenges that are created by the evolution in technology.

Security works both ways

Although security is usually considered a one-way street, it no longer is. The manufacturers of mobile devices are now building in increasingly more sophisticated security measures.

From fingerprint ID systems to the latest in facial recognition, these tools are used to lock the device and prevent unauthorised users from accessing it. But what if that ‘unauthorised’ user is actually the enterprise manager? Potentially leading to a situation where a business is locked out of its own data.

>See also: Corporations ‘not prepared’ for mobile breach

To complicate matters further mobile device manufacturers are starting to side more with the individual, as opposed to a business with the closing down of ‘back doors’ that may have been designed into their systems to allow for recovery of data.

This may respect the privacy of the individual but does it leave a business exposed? If they have rigorously enforced acceptable usage guidelines, then perhaps, but as the lines between business and personal use continues to blur, the security discussions become increasingly sensitive.

This means that a disgruntled employee could theoretically hold data on their device and prevent the business, from having visibility and access to it. An enterprise with a modest fleet of mobile devices, each containing in excess of 100Gb of storage, could easily have terabytes worth of unsecured, unmanaged and unprotected data operating outside the traditional confines of their infrastructure.

The manufacturers see increasing levels of security as a hugely positive selling point, whereas those who have a genuine need to access the contents of the device do not.

>See also: The number of enterprise mobile apps is not accelerating – Gartner

Here to stay

Mobile in the enterprise offers many business benefits and is clearly here to stay. The key is finding the right blend between enabling workers to be productive at work and offering flexibility and mobility without hindering security.

 

Sourced from Neil Atkins, director at SCC

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...