Security Considerations for Mobile Devices
Mobility is increasingly an essential element of competitiveness. But while mobile devices give employees access to critical information and systems all the time, they also provide an entry point for data theft, malicious malware and other security threats to corporate systems.
With the proliferation of mobile devices, the rise in mobile malware is accelerating – from 2015 to 2016 there was a 151-percent increase in total mobile malware (Source: Intel Security, “McAfee Labs Threats Report,” September 2016). As a result, organizations must aggressively secure their mobile deployments and operating ecosystems.
Since there is no universal security solution, organizations looking to mobilize their workforce should:
- Understand their unique IT environment
- Determine which tools provide the greatest security benefits for their specific needs
The security of a mobile device boils down to control over the data it accesses, and being able to prevent intrusions onto the device itself. All versions of Android and Windows encrypt data on hard drives. But two other vulnerabilities remain: 1. Control of data being sent over insecure networks and 2. Loss of a device that is not well protected with passwords, exposing all data on the device.
Any business supplying tablets to employees should be familiar with device and network security. No matter what size business, consider:
- Risky connections to public Wi-Fi access can open users to surveillance and compromise passwords and logins.
- Unregulated sites and sources of software downloads are more prone to malware.
- Wireless transmissions aren’t always encrypted.
- Out of date operating systems and apps may have known vulnerabilities which security patches in updated software have addressed. Many developers stop supporting versions of software older than 18 months.
- “Jailbreaking” a mobile device’s OS allows a user to run third party software and other code, but it can significantly increase security risks and won’t be automatically updated with security patches.
- Unlike a computer, mobile devices are always-on, and somewhat more susceptible to phishing attacks (in which usernames, passwords, and credit card and other sensitive information are mined by bad actors disguised as a trustworthy entity in an electronic communication).
- Spyware can enable third parties to receive contacts, texts, call logs, GPS data, and even potentially control the camera and microphone for active surveillance.
With these in mind, organizations looking to securely deploy devices should employ:
- Password management
- Remote data wiping service
- Data encryption
- Jailbreak/root detection
- Data loss prevention
- Remote configuration
- Remote software updates
- Remote inventory tracking
- Remote control
Depending on the use-case, firms may also want to be able to lock certain functions such as the device camera, microphone, or connectivity.
Mobile Device Management (MDM)
Mobile device management (MDM) is software or hardware used to manage and secure devices. MDM software is usually server-based or cloud-based. MDM hardware can also be integrated into the tablet and enabled to communicate with the network.
Just as MDM can manage hardware, Mobile application management (MAM) services manage a device’s software applications, including development and deployment. Minimum MAM features include application whitelists and blacklists, enterprise application stores, application security, and remote data wiping.
Mobile device management is typically balancing multiple security objectives: confidentiality, integrity, and availability. To achieve these, it’s important for organizations to implement a mobile device security policy and monitor developments in malware and other evolving security threats.