Smartphones and tablets are common in the workplace—whether the devices are company-issued or provided by the employee through a bring-your-own-device (BYOD) program. Yet many organizations are cutting corners when it comes to mobile security. Verizon’s “Mobile Security Index 2019” found that 48 percent of survey respondents admitted to compromising mobile security in order to get the job done. As a result, these organizations could be risking data loss, increased downtime, or even damage to the company’s brand and customer relationships. The good news? There are steps your organization can take to help better defend mobile devices—and therefore the company.
33% of Survey Respondents Suffered a Compromise Due to Mobile Security Risks
The numbers tell the story of a surprising lack of enterprise focus on mobile security, despite a growing risk of mobile threats.
- 33 percent of respondents reported having already suffered a compromise due to mobile security risks.
- 83 percent believe that their companies are at risk from a mobile threat in the future.
- Users are 3x more likely to respond to a phishing attack on a mobile device than a desktop computer, partly because people often first see a message on their smartphone.
So why aren’t more employers paying attention to mobile security?
It could be that organizations are simply focusing on the wrong thing. When a breach or security incident occurs, the focus of the investigation is typically on how the attack began (such as via a phishing email), or what information was exposed (such as customer data), but companies tend to ignore where the incident occurred—which may well have been on an employee’s mobile device.
Certainly BYOD programs can add complexity to an organization’s mobile security strategy, but experts say that in general BYOD isn’t to blame. Enterprises simply don’t defend mobile devices to the same extent that they defend laptops, desktops, or internal networks.
Workplace Mobile Apps: Are They Privacy’s Sworn Enemy?
These days, applications on employees’ mobile devices are often used to manage critical—and often confidential—business operations, like supply chain systems, point of sale systems, or customer-facing processes. It’s those same apps that could expose corporate assets, customer data, employee data, and the like, to malicious actors.
Therein lies part of the enterprise mobile security conundrum.
Mobile applications—whether they are work-related or not—are “privacy’s sworn enemy,” according to one report. Another article calls mobile apps the Achilles’ heel of mobile security, as they are believed to be the most vulnerable points for both data leakage and malware.
In fact, free mobile apps embed an average of six marketing libraries from which data is collected and resold. What makes mobile app security even more challenging is that app data leakage isn’t typically a malicious act on the part of the user, but is instead simply due to inattention to which apps are able to see and transfer which types of information.
Combine increasing enterprise mobile security risks, unpredictable user behavior, and a general disconnect in how organizations defend mobile devices with an increasing number of company data privacy regulations, and enterprises may find themselves facing a data security incident.
Considerations for Better Defending and Protecting Enterprise Mobile Devices
Fortunately, your organization can take steps to better defend mobile devices—and therefore the company.
Take Control of Your BYOD Policies
Chances are good that if you checked, you'd find out many of your employees are already using their personal devices to do their work. One tactic to consider is to bring BYOD out of the shadows and give employees the knowledge they need to help lessen security risks. Consider inviting employees from HR, Legal, IT, and other departments to participate in the creation of the company’s BYOD policies, as you are likely to deal with a myriad of issues, including employee eligibility, device selection, records management, training and support, employee privacy, audit requirements, data usage limits and backup, IT strategy, and termination policy, among others.
Pay Attention to Legal Considerations
Technological enforcement exceeds the law in most states, resulting in some gray areas regarding employee privacy with regard to mobile device use. Talk with your legal and IT personnel about: obtaining written consent about the purposes of using, collecting, and disclosing data on employee devices; implementing an acceptable use policy including how an employee can use the employer’s VPN; balancing employer control with employee productivity; and offering support to ensure that mobile devices are configured correctly, are free from malware, and have the latest security applications.
Explore Enterprise Mobility Management Solutions
Your IT department will most likely know the best ways to support your organization’s unique challenges with regard to mobile security. Depending on the needs of your organization, some options to consider are: a mobile device management (MDM) solution that allows IT to track, manage, lock, and potentially wipe employee- or corporate-owned devices; or mobile application management (MAM) software that specifically enables IT to control enterprise mobile apps and the data that resides in the apps.