Why Mobile Security Worries IT, But Not Employees

Posted on June 25, 2015

Where do the mobile devices that connect to your network go when they leave the premises" No one really knows, and that's one of the reasons that mobile security worries IT, but not rank-and-file employees.

A new Spiceworks survey that compared answers from IT professionals and the employees who worked at the same companies points to a wide gap in the way employers and employees view the issue of mobile security. Key findings mobile security findings from the IT professionals included:

IT pros worry most about mobile attacks from malicious file downloads (57%), malicious apps (50%), intentional/inadvertent leakages of sensitive data (49%) and email (48%). Surprisingly, just over a quarter of IT pros mentioned mobile Web browsers as a concern, although other research indicates that the top malware target inside corporate networks is the web browser.

Unfortunately, says Jared Hansen, CEO and founder of Breezy, data from many sources shows a wide gap between the worries IT pros have about mobile security and the behavior of enterprise employees using mobile devices at work. "As soon as a mobile device enters the office or factory, personal and business interests begin to merge," he says.

Survey giant Ipsos Mori surveyed employees at large enterprises, and found that:

Entrepreneur Magazine wrote that the fact that half of employees use personally-owned devices to conduct company business could be considered good news. "But it hardly canceled out the aforementioned misuse, which may result in who-knows-how-much company business leaking outside the building to who knows where,? the article stated. ?That ?50%? also raises the question: Have you, a decision-maker at your company, devised any plans to prevent or minimize how much company data leaves your building, in the form of storage inside your employees" smartphones and other mobile devices

Hansen is sympathetic to the problems faced by enterprise IT. "There's no way to know where a mobile device goes after work, or what network it's connecting to. So a strong enterprise mobility management (EMM) solution is your best protection. But you can't ignore employee training ? and you can't ignore the question of secure mobile printing."

Strategies for Mobile Device Security

Hansen says that companies should think of mobile devices as a kind of company diary. "You don't want this diary left just anywhere. But if it is, you don't want it easily opened for anyone to see what's inside it. That's where on-device encryption comes in." Breezy, the secure mobile printing leader, was founded when Hansen couldn't find a secure way for lawyers at his law firm to print from their mobile phones. On-device encryption is part of Breezy's approach to protecting company data, and so is integration with leading EMM solutions from top vendors like AirWatch, Citrix, Good Technology, IBM and MobileIron.

However, even the best EMM solution isn't foolproof ? so employee training should be the secondary line of defense for any business. "It's easy for IT pros to forget that employees have very little understanding of what kinds of behavior are risky, and what threats are out there. Training isn't a one-time event. It has to be part of an ongoing communications strategy," he says.

So what do you, as an IT professional, know that your employees need to know? Here are five important training and policy topics to consider.

First, teach employees about phishing scams. They're the #1 way cybercriminals steal data. One "innovation" is for a criminal to impersonate a company officer or someone from the board of directors, and create an email that creates a sense of urgency (for example: subject line: Get back to me ASAP). If the user doesn't pay attention to the details, and clicks on the link inside, it's easy for them to be lured into revealing sensitive information to the "boss".

Second, require that all devices be protected with strong passwords and enforce regular password changes. If an employee leaves a device unattended, or it's lost, a strong password might discourage casual "snoopers". Ongoing reminders, that include "reasons why" passwords need to be changed and tips on making them stronger, are essential.

Third, encourage employees to buy or download applications from a trusted app store instead of a third-party source. Training is paramount here. "We don't always question the motives of someone who is providing a free app," Hansen says. "Sometimes it's obvious where the app provider makes money " in-app purchases, encouraging users to browse "deals" offered by the app developer, etc. But it isn't always obvious. And there are apps out there where your data " acquired from your employees openly or covertly " is how the developer plans to make money."

Fourth, prohibit devices that have been "jailbroken" or "rooted" from connecting to your network. "When an employee manipulates the device's factory-installed operating system, they are inadvertently making a hacker's job easier," Hansen notes.

Fifth, develop and enforce a policy about public Wi-Fi access. Most public Wi-Fi connections tell users that they are not secure, but it's easy to overlook the notice when you're agreeing to a policy to connect, especially if you're looking at a small smartphone screen. "A virtual private network (VPN) connection will significantly boost the protection for sensitive data," Hansen explains.

One of the more controversial security tools IT may want to consider is a remote wipe function. Some erase data after a set number of password attempts, while others enable remote wiping if a device is lost or stolen. According to Hansen, including a remote wipe function in your mobile security strategy requires intensive training to avoid problems. "Employees have to be aware of the company's policy on remotely wiping data, so that they can back-up any personal photos or files stored on their devices. This is especially important if it's a device owned by the employee, but it's also important even with company-provided devices," he says.

The goal, he adds, is to discourage hackers and thieves, while encouraging employees to follow the right procedures to protect themselves and the company.

Breezy delivers device and operating system agnostic secure mobile printing with on-device encryption for smartphones and tablets running Android and iOS operating systems. Breezy's secure mobile printing technology is fully integrated with leading EMM providers like AirWatch, Aruba, Citrix, Good Technology, IBM (Fiberlink's MaaS360), MobileIron and many others, and can add an extra layer of protection to the mobile devices that connect to your network or store your data. For more information on mobile device security and secure mobile printing, watch this video from Breezy, download The Definitive Guide to Mobile Printing, a free ebook, or click here to schedule a Breezy demo now.

Easy to deploy and manage

Customers report that Breezy installations are among the easiest they’ve ever seen for an enterprise product.