Mobile Security - Your Biggest Risk
Are your employees connecting their mobile devices to your network on the sly? Can you tell?
You may think you have a handle on BYOD, but employee behavior might tell another story. Rather than going through IT to properly integrate personal devices into the corporate network and follow corporate mobile policies, many employees will simply sneak their own devices in.
They may not want to deal with the perceived hassle of following procedure to comply with company device policies.
Or they may simply want access to resources the organization doesn’t support, or that they consider easier to use – like Dropbox, for example – unaware of the organization’s security reasons for not supporting these resources, or of the tools the organization does support.
Whatever the reason, it’s likely that there are more than a few stealth devices on your corporate network, risking sensitive data and company functions on a daily basis.
What’s the harm with personal cell phones and tablets having unfettered access to your corporate network?
Potentially, quite a lot.
Unmanaged mobile devices present huge security risks.
Unsuspecting employees could unwittingly leak sensitive information via unmanaged mobile devices. Further, unsecured devices that are lost or stolen, hacked, or infected with malware can become the gateway for unauthorized access to even more company data.
Even employees who think they use their unsecured device responsibly may be putting the organization at undue risk. Common-sense tactics for protecting against viruses and malware on a desktop don’t necessarily translate to the mobile environment. End users who aren’t familiar with the forms these latest threats take are the most vulnerable.
The riskiest behavior for acquiring malware and viruses is no longer looking at adult content – it’s advertising banners on mobile devices. And contrary to popular perception, there is no discrimination between Apple and Android in terms of risk. Apple devices can be hacked to find the code to decipher passwords, while Android devices are often targeted for “malvertising” – hiding Trojans and other viruses in advertising that prompts a legitimate-looking security popup for a user to approve. Brian Krebs just announced critical flaws in both Apple and Samsung devices: one that allows theft of passwords on iOS, and a keyboard vulnerability in the Galaxy S6.
Why deal with it? Wasn’t BYOD supposed to be easy and reduce the burden on IT? Yes and no – IT might be relieved of the responsibility for maintaining a mobile device inventory, but even with a BYOD mobile environment, your IT team still needs to keep up with best practices for mobile security to ensure that risks are managed.
Paradoxically, mitigating these risks in a BYOD environment can be an even bigger hassle than it would be in a traditional corporate-owned device environment.
Not only do you need to invest the time and resources to establish the best mobile policies for your BYOD environment and train your IT staff on how to review each device and make it compliant – you also have to hunt down each and every one of your employees to get their devices onto the network properly, and keep them there.
Is this really what you want your managers, or IT staff, spending their time on? Do you really want IT to be the cell phone police, and potentially erode the relationship between departments over compliance with a mobile policy?
Is it even possible for mobility to be easy and secure?
There’s a solution, and it’s not BYOD.
It’s Managed Mobility Services (MMS). What could be easier than handing off the heavy lifting of mobility management to experienced professionals? MMS providers can handle policy creation, risk mitigation, and of course, save you money in carrier contracts and device purchases.
And no one in your company has to be the bad guy enforcing compliance with the policies; your MMS provider will take care of it for you. Wireless Analytics, for example, takes a white-glove approach to policy enforcement, contacting employees ahead of time to ensure they get personal data off their devices and ensuring they are as happy with the process as possible. Personal information is kept safe from gossip and HR repercussions, and experienced professionals protect sensitive company data from leaks via viruses or employee carelessness.
Sure, you can continue to implement BYOD, and dump resources, time, and money into your program to keep it afloat. It is only going to get more complex as time goes on, though, and it will never get less expensive to maintain. As David Schofield, partner at Network Sourcing Advisors, eloquently says, “The technology is out there, but then you come down to another level of complexity. At what point does it become too complex that it’s just not worth it anymore?”