Question

1. How does the large range of different mobile devices impact corporate efforts to secure corporate information? Explain.

Answer 1

As mobile device access for workers has increased, so have the potential security threats. All it takes is one security breach via an employee’s corporately owned mobile device via a public network, and a hacker could easily gain access to proprietary company data. Most enterprises have security policies in place to thwart hackers; however, those policies are less effective when an organisation lacks visibility regarding the networks accessed by employees on their corporate devices. This lack of visibility creates blind spots that leave an enterprise’s data vulnerable to security threats.

Enterprise Mobility Exchange surveyed their audience in July and August of 2018 to uncover the biggest mobile security threats, what applications employees were using and which networks they were connecting to. The results of the survey are very concerning. Many enterprises could not identify how often they were breached. Also, many enterprises lack real-time visibility regarding which devices are connecting to their networks using corporate VPNs. Many are also ignorant of the many activities being carried out on devices.

Many enterprises harness mobile technologies to give employees increased access to company data in real-time. This helps to better serve customers, manage operations and increase productivity. Some enterprises allow employees to bring their own devices (BYOD) with others providing a corporate-owned device.

In the survey, more than 72 per cent of respondents said that their enterprises used over 100 corporate-owned mobile devices, including 32 per cent of respondents who used over 1,000 devices. Irrespective of the number of devices in place, an organisation still needs to have the same security in place. With an increasing number of devices appearing in the workplace and the associated number of mobile apps, there are an increasing number of mobile security challenges to consider.

Respondents in the survey were asked to rank the greatest mobile security threats for their organisations.

Top security threats

• 44.59 per cent - DATA LEAKAGE: Private or secure data is stolen and released to parties who should not have access to it.
• 25.68 per cent - PHISHING ATTACKS: An attacker falsifies an identity to trick a user into opening an email or visiting a website to obtain sensitive data.
• 9.46 per cent - INSECURE APPLICATIONS: Applications that lack state-of-the-art security, and are vulnerable to hacks.
• 9.46 per cent - SPYWARE: Software that is secretly installed on an operating system with the goal of getting private data.
• 5.41 per cent - NETWORK SPOOFING: A malicious third party forges an identity with the purpose of launching network attacks and stealing information.
• 5.41 per cent RANSOMWARE: A form of malware in which computer or data access is blocked until the user pays a ransom to the hacker.

Data leakage is a very serious IT health issue. Mobile phones are actively connected to the Internet of Things (IoT) over the corporate office network. The phones also have access to emails containing critical or sensitive company data that, if exposed or hacked, may result in the loss of a million-pound contract, for example.

Mobile workers are the root cause of many mobile security vulnerabilities - even without them knowing. This includes neglecting device updates, sharing company data over public Wi-Fi or even using their corporate-owned device to accidentally click on insecure links. Mobile apps are often the cause of unintentional data leakage because the majority of mobile users don’t check the permissions they are granting. Not having that latest OS version and security patches installed is always a risky practice. Also, hackers set up fake access points in high-traffic public locations, giving these points common names, such as ‘Free Airport Wi-Fi’ or ‘Guest Coffee Shop,’ which encourage users to connect.

Although many enterprises are unsure about the number of security incidents that occurred last year, most of them still believe they take security very seriously. Over 93 per cent of respondents have organisation-wide security policies regarding corporate-owned devices. However, 28 per cent do not enforce those policies, which could leave them vulnerable to an attack. In addition, 36 per cent say that they do not provide mobile security training for employees. Another 31 per cent provide security training, but not on a regular basis.

Despite these security concerns, 66 per cent of enterprises allow their mobile workforce to operate a corporate-owned device without a VPN. Enterprises use VPNs to ensure a secure connection for remote workers. By not requiring a VPN with corporate-owned devices, enterprises are more vulnerable to security risks.