As mobile devices become more accepted for remote work, corporate data, applications and systems they access are at increased security risks. Organizations must ensure measures to protect devices by establishing device management policies and implementing the right platforms to secure corporate assets.
Today, IT admins face the challenge of ensuring that mobile devices are secure enough to access corporate data. Here are some common mobile device security pain-points that IT personnel must deal with. Let’s call them the 5Ps!
1. Phishing
Phishing is one of the most common attack vectors in existence. On mobile devices, phishing occurs in the form of emails that appear as if they are from legitimate businesses. In fact, 91% of all cyberattacks begin with a phishing email to an unexpected victim[1]. These emails contain links and attachments, which, when accessed, can silently install malware on the device.
Bad actors can carry out phishing attacks to steal data like an employee’s identity and login credentials. Besides accessing suspicious emails, visiting compromised and malicious websites are also one of the leading avenues for security breaches on mobile devices.
| Blocking websites is one of the most important ways to prevent users from accessing phishing websites. Also, restricting device functionalities that aren’t needed by the user and controlling app permissions on a granular level to prevent apps from gaining permissions they don’t need is essential to the security posture of the organization. |
2. Passwords
Passwords are terrible. Employees hate them, forget them, use easy ones (read: weak) and reuse them for personal accounts, probably with security vulnerabilities. Even if people use strong but old passwords that were part of previous data breaches, organizations carry the risk of compromising their data.
Poor password habits indicate that every time an employee recycles a password, it opens the door to corporate data theft. As remote work persists and employees continue to use mobile devices, there’ll be increasing levels of risk. It’s convenient for organizations to blame employers for not following guidelines, but organizations may not be doing enough to establish a password management policy.
| IT decision-makers can step in and address this problem. With the help of an MDM solution, they can build and implement a password policy to protect corporate data. MDM tools such as Scalefusion allow IT admins to configure password rules that define the strength and complexity of passwords to increase the safety of mobile devices. Rules can include password length, complexity, age, history, and account lock-out policy. |
Learn More: How to Define Password Policy
3. Patching
Unpatched vulnerabilities cause one in three breaches, as per the 2021 X-Force Threat Intelligence Index from IBM. When targeting companies, malicious actors like to exploit any unpatched security vulnerabilities hovering over device operating systems (OSes). OS and app developers release patches and updates to bring new features and patch any newly discovered vulnerabilities. However, when employees delay updates, devices are left vulnerable to security risks.
Effective patch management requires accurate and current knowledge of what version of operating systems is running in the organization’s environment. An incomplete view of asset inventory will cause ineffective monitoring of mobile devices, which will result in missing new vulnerabilities.
| Automated OS patching helps IT staff update OS across all mobile devices. Scalefusion’s patch management for Windows gives IT staff the option to “set it and forget it”, meaning they can automatically apply the latest available security patches on all Windows workstations. |
4. People
The human element continues to drive data breaches. As per Verizon’s Data Breach Investigation Report, 82% of breaches involve the human element. Whether it is using stolen credentials, phishing, misuse, or simply human error, people continue to play a significant role in incidents and breaches[2].
In October 2022, Japanese automaker Toyota suffered a breach of customer records after a hacker obtained credentials for one of its servers from source code published on GitHub by a website development subcontractor. The third-party “mistakenly uploaded part of the source code to its GitHub account while it was set to be public”. The breach resulted in a data leak of 300,000 customers.
| MDM plays a limited role here. Conducting training and awareness programs across the organization to educate employees on the risks involved when not updating software for security purposes can help protect corporate data. However, organizations can use the content management capabilities of MDM platforms to promote mobile device security and data protection policy documents as a part of the work culture. |
5. Privilege
Bad actors are usually financially motivated to access, exploit, or damage corporate data. Privilege misuse is the pattern where people use the legitimate access granted to them as employees to steal data.
| Protect privileged accounts with strong password policies and regular password resets. Allot passwords as per the needs of each employee and grant them only when needed. This approach can help avoid privileged password abuse. |
Wrapping Up
Whether an organization supports a single OS or a variety of them, Scalefusion offers ample visibility, manageability, and security for devices running on Android, iOS, Windows, and Linux. Get the right balance between device security and employee productivity with Scalefusion. Click for a 14-day free trial.
