What to Do About 7 Mobile Security Threats You Can't Ignore

Posted on June 11, 2015

Last year, mobile devices around the globe generated more than 86 exabytes of traffic. That's 94.5 trillion megabytes, or more than 90.1 million terabytes of data.

How much of that was secure? More importantly, how much of it was the kind of sensitive corporate data that could put a company at reach of a reportable data breach? SNS Research, the firm that came up with the estimate for mobile traffic didn't speculate on that ? but nearly every CIO and IT manager has had nightmares about it.

In fact, according to a recent survey, 73% of CIOs said that the mobile devices employees bring to work pose the greatest security risk to their enterprise. "But there are a number of relatively simple policy and implementation steps that IT can take to mitigate the risks that personally owned devices pose," says Prat Agarwal, director of business development at Breezy.

"We talk to CIO's and IT managers every day, and the tips here from real-world situations faced by enterprises we've talked with are practical and easy to implement," Agarwal says.

Here's Agarwal's list of seven practical ways to improve mobile security:

  1. Keep truly sensitive data off mobile devices
  2. Make sure your IT infrastructure is up to the task
  3. Consider limiting the use of personally-owned devices in high-risk settings
  4. training, re-training, & more training on policies & risks
  5. Consider a financial incentive " like reimbursement for mobile costs " for policy compliance
  6. Remember that encryption is still the strongest deterrent
  7. Don't overlook Macs & iOS devices

Manage Data & Apps ? Not Just Devices

The first step is recognizing that securing data sometimes means keeping the data off of mobile devices. Sensitive corporate data doesn't belong on web-based or mobile apps that a user downloads from a consumer app store. So restricting access to sensitive corporate data is the first step in avoiding a data breach from a lost, stolen, or compromised mobile device.

Second, make sure that the IT infrastructure is up to the task of handling BYO devices and data in a secure fashion. "That means selecting and deploying the right enterprise mobility management (EMM) solution for your business," Agarwal says.

Enterprise mobility management (EMM) is more than a pre-packaged security product, he adds."EMM is the people, processes and technology used to manage and secure the ever-growing variety of mobile devices, wireless connections, and related services that are now an integral part of everyday business."

The third tip Agarwal says he's learned from CIO's is harder, and less common. "Limiting the use of personally-owned devices among employees who handle the most sensitive data is becoming a necessity in some heavily regulated industries, and in some countries where the penalties for a data breach that includes personally identifying information (PID breaches) can be severe.

"For example, I've seen companies that allow BYOD for many employees, but don't allow it for those on the legal, human resources, or accounting/billing teams who routinely handle the most sensitive data. I've also seen BYOD restricted for R&D employees and those who work with military or defense systems."

Training, Reimbursement, and More Training

The fourth area to focus on is training. "Employees simply do not understand the security risks posed by mobile devices," Agarwal says.Survey after survey points out the disconnect between employee behavior and company policy.

Training employees on policy means a thorough and ongoing discussion of the security risks mobile devices pose. "Employee training isn't a one-time event," Agarwal stresses.

Reimbursement for some or all of an employee's mobile device costs is the fifth area that some CIO's are looking at as a way to reinforce " and enforce " BYOD policies and employee compliance with security policies. "Law firms are way ahead of other companies when it comes to reimbursing employees for at least some of the costs involved in keeping their devices up to date, and enforcing the use of the latest antivirus software and other security technologies," he says.

"But we're starting to see more companies offer a financial incentive to employees to comply with company policies. It's harder to argue that, "I pay for everything, so the company has no right to limit how I use my smartphone" when the company is reimbursing for at least some of the costs." Negotiating lower rates for employees with major cell phone providers is one of the most popular ways companies are helping employees lower their out-of-pocket costs, as are discounts on new devices that come pre-loaded with security and anti-malware tools selected by the company.

Encryption: Still the Strongest Deterrent

Unencrypted email, open Wi-Fi, and unsecured mobile printing solutions are among the most common mobile security threats that go ignored too often, Agarwal says. "I can't stress too often that employees under deadline pressure will take whatever shortcuts they need to take to get the job done. If that means sending a document that contains sensitive data to a personal email account so it can be printed, that's what they'll do.If that means using an unsecured "public" Wi-Fi portal because they don't want to pay cellular data rates or roaming charges while they travel, that's what they'll do. And that leaves company data at risk."

Verizon's 2015 Data Breach Investigations Report put the total at 2,122 data breaches last year, with nearly 80,000 incidents. Agarwal says that many of the breaches could have been avoided with encryption.

"Breezy was founded around the idea that encrypted files were the best way to allow for secure mobile printing, and years of experience has shown that's still the case. Think about it: a lost or stolen device where all the valuable data is encrypted isn't nearly as attractive or useful to a thief as one where the data is just sitting there for anyone to see," he says.

Encryption also foils man-in-the-middle attacks, like the recent Starbucks breach where a hacker captured individual user passwords from the Starbucks app, and used that access to raid mobile devices for valuable information. "This is a case where the corporation's own security wasn't breached, but customers had their individual information stolen when the connection to the app was hijacked. And it can happen more easily than you think," he adds.

Don't Overlook Macs & iOS Devices

Everybody knows that you don't get malware or viruses on Macs, right" Think again, says Agarwal. "Devices running Apple's operating systems have a good track record " but it's far from perfect. And as the popularity of iPhones and iPads has exploded, they've become more attractive targets for hackers and thieves."

Specifically, he adds, third-party software often brings vulnerabilities to iOS devices, and Macs aren't immune to having malware introduced from seemingly safe websites. "We're seeing more and more ransomware attacks " where data is locked and a demand for money is made if you want it unlocked " on iPhones and iPads," he added. "It can seem trivial " pay $9.95 or $19.95 to get your problem "fixed". But what happens to the data in the meantime" And what happens when an employee ignores the "ransomware" demand""

The new Intel Security Threats Report touched on a wave of new ransomware, driven by CTB-Locker, Teslacrypt, and new versions of CryptoWall, TorrentLocker, and BandarChor. Still, during the RSA Conference in April, experts told the audience that they were more likely to be struck by lightning than infected by mobile malware if they simply followed basic "common sense" security practices such as connecting only to known networks and paying attention to the URLs they connect to.

Many experts say that phishing (diverting traffic from a legitimate site to a fake site where the user's credentials and data is captured) is easier on mobile devices because the comparably small screen cuts off suspicious looking URLs and the lock icon associated with an SSL connection is not visible.

Breezy's secure mobile printing solution adds an extra layer of protection to the mobile devices that connect to your network or store your data. For more information on mobile device security and secure mobile printing, watch this video from Breezy, download The Definitive Guide to Mobile Printing, a free ebook, or click here to schedule a Breezy demo now.

Easy to deploy and manage

Customers report that Breezy installations are among the easiest they’ve ever seen for an enterprise product.