Use of personal devices at work has increased phenomenally with the onset of 'Bring your own device' (BYOD), now common in many work environments. This approach enables enterprises to reduce IT capex spending on providing and maintaining technological resources. On the flip side, this trend introduces new security risks to an organization and requires a company to enact measures to prevent damage.
Third-party storage devices such as smartphones or USB drives are primary catalysts of valuable data leakage. A simple click can create vulnerabilities through which hackers could gain access to login credentials or even bank account credentials.
Here are a few ways in which malware can potentially infect mobile devices:
Malicious apps – These involve using pirated tools to create malicious code. Once downloaded, these compromised apps can steal sensitive data or damage the device.
Devices with vulnerable operating systems – Mobile devices that are not regularly updated may contain vulnerabilities. However, by running regular updates, those vulnerabilities can be patched.
Opening spam emails, text messages, and voice mail – By opening unidentified links you create a doorway for cyber-attacks like SMiShing attacks (through SMS). These attacks create backdoors to carry out phishing expeditions.
Connecting to unsecured Wi-Fi/URLs – By accessing unprotected or fake internet connections, typically found in public places, or browsing insecure websites, you may expose your mobile device to man-in-the-middle attacks.
Research studies on mobile vulnerabilities revealed that 38% of iOS mobile applications and 43% of Android applications contained high-risk vulnerabilities. Most of these vulnerabilities are caused by weaknesses in device security mechanisms. Out of these, 74% were found in iOS apps and 57% in Android apps.
These statistics should not be taken lightly. They should serve as a warning to administer policies and controls when utilizing personal mobile devices for work. It's best to evaluate the following aspects, which will help shape policy goals for implementing regulations.
Tasks employees will be permitted to carry out from personal devices.
Services employees will be given access to, and data exposure caps within those services.
Accessibility limits the employee may demand over their devices.
Ways to resolve issues with non-compliant end users.
By taking these factors into account, the correct combination of device ownership, management, and technical control can mitigate risk arising from vulnerabilities. In the next section, we will discuss two main technological approaches by which mobile security management can be implemented.
Mobile Device and Application Management
Most of the early mobile security management suites were developed to secure the device itself. They were known as Mobile Device Management (MDM). This method does little to separate personal information and apps from company data. Even worse, it often leads to data loss.
However, managing applications has overcome MDM's shortcomings and has provided better solutions to curtail data loss. There are two main technical approaches that companies have adopted using this method.
1. COPE method
COPE stands for corporate-owned/managed, personally enabled. This method allows the company to have full management over the employees' devices while allowing personal use. This method is also feasible in situations where corporate-owned devices are at the disposal of employees.
When a mobile device is managed (in iOS terms, "supervised"), the organization that owns the device can install, update or restrict apps in the app store, filter web usage, configure Wi-Fi settings, or block USB file transfers.
2. Personally owned, partially enterprise managed method
This method is a lighter device management approach. It enables some device-wide configuration policy enforcements and protects company data within apps or managed accounts.
The benefit of this method is that it does not require data wipes. But on the flip side, it doesn't provide as much data security since it gives only partial control. For instance, on iOS, the company will restrict users from installing new configuration profiles that alter security settings.
Companies opt for this method over app and data management since this method mainly avoids complete data wipes. Instead, IT administrators can carry out a selective data wipe, and in turn, data loss issues can be curtailed.
In this method, work-related tasks can be performed within an encrypted app facilitated by a Mobile Application Management service. Even though this method provides limited control over the device, it provides stronger control over the company's apps and data. These contained applications prohibit copy and paste actions across applications and enable device monitoring.
Furthermore, our priority partners such as Microsoft and Google have published guidance for enterprises to configure access to Office 365 and G Suite from personal devices:
How Can We Help?
At CSG Technologies, we can extend IT security and business continuity services tailored to fit your company's needs. Our team of professionals is highly efficient and has a wide range of experience in curtailing cyber threats for various enterprises. We can help your company implement a viable mobile action plan while protecting your network from vulnerabilities associated with BYOD practices.
Contact us today for more assistance.