Just How Secure is Your Mobile Data?

Mobile Man / Tuesday, January 26, 2016

How secure is your company’s enterprise mobile data? The simple answer: it all depends on you.

In today’s enterprise, the expectation to provide employees with access to company data from mobile devices is almost universal. Access from smartphones and mobiles can boost productivity, create new opportunities and cut costs. However, as with any new technology, offering access to sensitive internal information via mobile devices also involves a certain degree of risk.

The cost of data leakages for companies run high – estimates put the cost of each lost document at more than $200 – so when multiplied by hundreds or thousands, the bill quickly adds up. And of course, if Personably Identifiable Information (PII) about customers is released online, brands face enormous legal fees too. It goes without saying, therefore, that mobile security for your company is essential – not only to avoid costs and fines, but also to maintain trust and confidence in your services.

According to a 2014 Ponemon study, 63% of IT security practitioners believed that a breach was very likely to happen in the following 12 months. So, do you know how secure your company’s sensitive data actually is?

The major threats for mobile today

The risks surrounding mobile data security are constantly evolving, and security providers are involved in an unending struggle with malicious hackers, careless employees and outdated tools. Where exactly are organizations vulnerable, and what are today’s major threats?

1.   Badly behaved browsers

These guidelines illustrate the risk that mobile browsers can play. Certain browsers automatically cache previously viewed web pages on the device’s hard disk. If your Mobile Device Management (MDM) provider doesn’t encrypt information when it’s at rest, malicious parties could potentially steal an employee’s device and discover sensitive data.

2.   Keeping tabs

Most of today’s smartphones and tablets allow users to keep numerous browser tabs and applications open at once, which often results in them forgetting which ones they’ve already got open. If untrusted code is running in another tab while they access company systems, you face an increased risk of attacks. Your MDM solution needs to enforce a separation between tabs.

3.   Keep up to date

Whether your employees are running apps on iOS, Android, Windows Phone or anything else, making sure they have all the latest updates and patches for their Operating Systems - as well as the apps they use - is essential. Depending on the size of your company, ensuring updates are received and processed as soon as possible can be more or less difficult. You may need to find a way of enforcing updates from the center.

4.   Devices can be tampered with

We all hope it will never happen, but employee devices can be tampered with – especially if they’re left out of sight for any amount of time. To avoid leakage and nefarious attacks on sensitive information, it’s essential to raise awareness amongst your colleagues of warning signs to look out for. Does their mobile phone run out of battery much quicker than before? Is their Internet allowance being eaten up more quickly than they think they’re using it? These are warning signs and should be acted upon as soon as they’re identified.

5.   Going rogue

Once again, this is a situation we all hope never happens. Nonetheless, if you suspect an employee is trading secrets with your competitors from their mobile, you need to be able to wipe that device of information immediately. 

6.   Defense in depth

Defense in depth is all about treating company data like an onion. Rather than having one single external firewall, your approach should have numerous layers. Say you have a SharePoint environment; you need to ensure employees can only access the information they need from their mobiles. This means that anything else within the company will be out of bounds, so nefarious hackers can only exploit one area of your organization if they do manage to leap over the security perimeter.

7.   The risk of ‘zombie apps

Zombie apps are those ‘dead apps’ on a user’s phone; a cool tool they downloaded a couple of years ago and then forgot about. These can sit in the background, ignored and unused. If they’re never updated by the original developer, hackers can find vulnerabilities in these older apps and attack your users’ phones through them.

8.   Unsecured Wi-Fi

Many enterprise users, especially when travelling, may be tempted to connect to ‘free Wi-Fi’ in public places or hotels. In many countries and places this is perfectly safe, yet certain tourist locations – including Time Square in New York, Notre Dame in Paris and Ocean Park in Hong Kong – are host to many bogus ‘free Wi-Fi’ hotspots which can be used to invade your employees’ devices.

Stay safe

As we pointed out at the beginning of this article, mobile enterprise security begins and ends with you. There are a whole range of possible threats to your company’s information, yet these can be avoided by simply ensuring employees are informed about best practice and by deploying state of the art MDMs across your systems. We let users of SharePlus and ReportPlus – our enterprise mobile productivity tools – ensure total mobile security by configuring the apps' built-in security features as well as integrating them with a wide range of the major MAMs and MDMs on the market.