Mobile Device Use Continues to Grow
Mobile business devices have grown considerably thanks to cloud computing and a more mobile workforce in general. Today, they comprise roughly 60% of an organization’s endpoints today while accounting for 80% of the workload. Unfortunately, the mobile security attached to those devices often lags behind.
Equally important, the pandemic created a shortage of laptops and tablets. Even the devices available had 16-week lead times or even longer. As a result, 36% of organizations permitted access to company resources to employees using their own devices over the last year. Many organizations have carried that plan through in 2021. Twenty-five percent of companies, for example, have adopted a bring your own device (BYOD) policy, but fewer than 25% support bring your own PC (BYOPC).
Mobile Security Often Gets Overlooked
Unfortunately, mobile security is often an afterthought. For instance, companies fail to enlist the same protocols for mobile devices as they do for data accessed from computers.
In a Verizon study of mobile security and management professionals and security companies, 40% of respondents indicated mobile devices are the biggest threat to IT security. In addition, 50% reported that security risks associated with mobile devices are growing faster than other security risks. Plus, another 53% said they suffered significant consequences owing to a mobile device security incident.
Not surprisingly, 97% of those surveyed said that remote workers are more of a breach risk than on-premises workers. Here are some reasons why:
- 92% of companies failed to block the use of Wi-Fi on work mobile devices.
- 89% of organizations rely on a single security strategy for mobile networks.
- 39% of mobile device users change all default passwords.
- Only 38% of users use 2FA.
- Only 31% of companies use mobile device management (MDM) or enterprise mobility management (EMM).
- Although company devices prohibit social media on company devices, 45% said they knew employees who used it anyway.
- In 2020, work device access to adult websites increased by 600%.
- 49% of employees allow friends and family to access work devices.
Common Mobile Threats
Mobile threats take four forms. First, application security threats when users download apps. Second, web-based threats where malicious content automatically downloads to a device. Third, network security threats associated with Wi-Fi networks. Fourth, device loss or theft.
Trend Micro discovered that only 20% of Android devices have security apps installed. And there are 400 million activated Android devices. So, 320 million devices remain open to malware attacks.
On top of that, cell phone theft is common. The FCC reports that cell phones account for 30-40% of robberies and thefts in the U.S.
Mobile security threats present themselves in any number of ways:
- Social engineering through phishing or smishing.
- Malicious apps as 85% of mobile apps are largely unsecured.
- Unsecured Public Wi-Fi networks.
- Encryption gaps where there is a security gap between the beginning and end of a network or app.
- IoT devices where hackers can gain access through an IP address.
- Bad password practices
- Lost or stolen mobile devices
- Patch vulnerabilities and out-of-date operating systems
These vulnerabilities make it imperative that your organization take the necessary steps to secure mobile devices.
Make Mobile Security Part of Your Overall Strategy
Mobile security needs to become part of your cybersecurity strategy, with mobile devices accounting for most company endpoints. That means implementing best practices to avoid vulnerabilities.
Generally, four basic protections for IT security include:
- Changing vendor-supplied passwords
- Encrypting sensitive data
- Restricting access on a need-to-know basis
- Regular testing of security systems and processes
According to Verizon and its Mobile Security Index, only 9% of organizations implement these protections. Even worse, 15% of organizations have none of the protections in place.
Credit: Verizon Mobile Security Index
Follow These Security Best Practices
When you consider failures to implement even basic security practices, improving mobile security becomes even more paramount. Make sure your mobile security checks off these critical considerations:
- Insist on User Authentication: Make sure mobile devices use the screen lock along with a password, PIN, or facial recognition for entry. Multi-factor authentication layers an additional level of protection to devices and your network.
- VPN: Ensure that your employees access your network from a VPN and not Wi-Fi. Sure, Wi-Fi access is readily available and accessible, but even novice hackers can intercept traffic from a Wi-Fi connection. Considering how easily hackers gain access, make encryption a requirement for all communications.
- OS Updates: Make sure software and applications are current. You can facilitate that by turning on automatic software updates by default.
- Antivirus Software: Deploy anti-virus software on devices and make it a requirement. In addition to software, however, it’s essential to monitor devices for security threats actively. At the very least, you should conduct an annual audit using penetration testing to uncover vulnerabilities and policy violations.
- Malicious Apps: Users should install apps directly through official application marketplaces. In addition, you can provide employees with a list of pre-screened, verified, and company-approved mobile apps. EMM solutions allow you to block specific apps based on security policies and permissions.
- Mobile Security Policies: Draft strict security policies for mobile device use, including screen locks and prohibiting device sharing. Only allow approved devices to access company applications. Include a remote lock and data wipe policy in the event a device is lost or stolen.
- Data Backup: Always make sure you have some form of automated mobile data backup in place. It’s best to create a business continuity and data backup (BCDR) plan in the event of significant data leakage.
- Cyber Awareness Training: Cybersecurity education ensures your employees have adequate knowledge to uncover potential threats. Cyber awareness training can familiarize staff with smishing exploits, for example, to minimize your risk of ransomware.
Mobile Security Raises the Stakes
The proliferation of mobile devices and technologies substantially raises the stakes when it comes to cybersecurity. Consequently, it demands even greater attention and expanded efforts, particularly for small to mid-sized organizations.
If you’re facing mobile security concerns, get the support you need. Our IT company delivers cybersecurity services that virtually eliminate your chances of a security breach. Plus, we focus our efforts on the needs of SMBs to give you access to enterprise-level IT solutions at affordable costs.