Of all the cybersecurity threats facing your company, mobile devices might just be the worst. They represent a double threat. First, they give employees a way to take enterprise data off business premises, either maliciously or unwittingly. Second, an insecure tablet or cellphone represents a potential foothold for an attacker onto your network.
There is no shortage of at-risk mobile devices, especially with employees bringing their own phones and tablets to the party. According to the 2019 State of Mobile Security report from mobile security vendor Zimperium, roughly 60% of enterprise devices are mobile, and 24% of them are exposed to threats. That figure doesn't even include outdated operating systems.
So how do you reduce the risk? Mobile devices usually come with some security measures of their own. Apple's Find My iPhone and Google's Find My Device features both let users track lost or stolen phones that connect to the internet and will let users wipe them remotely.
These are useful features, but they have their drawbacks. For one thing, a savvy crook who is able to strip data from the phone will do so before letting it online. At the very least, they'll erase the device themselves - along with its tracking capability - before connecting it. So you can't rely on these security features alone.
The second problem is the lack of central management. Without the ability to control security measures from a single point, companies can't check and set them across all devices, leaving serious holes in their infrastructure.
Enterprise mobility management (EMM) is the modern term for solutions that manage those mobile devices and the data they contain. They can help you to enforce security policies that cover different aspects of your mobile infrastructure. These include:
- OS and application patching
By managing mobile operating system and application security patches from a central point, an EMM solution can close up software vulnerabilities on devices. Admins can set policies to prevent unpatched devices from connecting to the network.
Encrypting data on the device protects it from prying eyes if the device is stolen (assuming that the device is properly protected with a password or biometric access). A virtual private network (VPN) will protect information in transit by tunnelling back to the server, which is especially important for devices that connect to public networks.
With so many apps leaking personal data from phones, controlling which apps are installed is critical for enterprises. Most EMM solutions offer the ability to restrict which apps are deployed on the phone, preventing the download of specious apps that sometimes even make their way onto legitimate app stores. Some EMM systems even allow companies to create their own internal repositories of whitelisted applications for employees to install.
Solutions like these often require the installation of small software agents on mobile devices. That can be tricky in a bring-your-own-device (BYOD) environment where employees are using their own smartphones and tablets. Some companies solve this by locking out BYOD users from everything but a demilitarised zone, and configuring cloud-based productivity services that allow employees only to manipulate data online rather than downloading it to mobile systems.
The alternative is to install a virtual sandbox on the employee's device that contains all the enterprise's applications and data. Enterprise admins can only see and manipulate what's in the sandbox, which is kept separate from the rest of the system. This stops 'civilian' apps from tampering with or stealing its contents.
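As an added illustration (not taken from the original article or from any EMM product), the policy areas above can be written as a posture check that decides whether a device gets full access, DMZ-only access, or is blocked. The patch-age threshold, package names, device records, and the choice to block unmanaged corporate devices are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import date

# Constructed policy values (assumptions, not vendor defaults).
MAX_PATCH_AGE_DAYS = 60
APP_ALLOWLIST = {"com.example.mail", "com.example.vpn", "com.example.docs"}

@dataclass
class Device:
    name: str
    byod: bool
    agent_installed: bool      # EMM agent present, so posture can be verified
    patch_date: date           # date of the last installed OS security patch
    encrypted: bool
    screen_lock: bool          # password or biometric access configured
    apps: set = field(default_factory=set)

def violations(dev, today):
    """List every policy the device currently breaks."""
    found = []
    if (today - dev.patch_date).days > MAX_PATCH_AGE_DAYS:
        found.append("os-patch-stale")
    if not dev.encrypted:
        found.append("storage-unencrypted")
    if not dev.screen_lock:
        found.append("no-screen-lock")  # encryption needs a lock to be useful
    found += [f"app-not-allowlisted:{a}" for a in sorted(dev.apps - APP_ALLOWLIST)]
    return found

def access_tier(dev, today):
    """Return (tier, reasons) where tier is 'full', 'dmz' or 'deny'."""
    if not dev.agent_installed:
        # No agent: posture is unknown. BYOD is confined to the DMZ.
        return ("dmz" if dev.byod else "deny", ["no-agent"])
    found = violations(dev, today)
    return ("deny", found) if found else ("full", [])

# Constructed sample inventory and evaluation date.
TODAY = date(2020, 6, 1)
FLEET = [
    Device("corp-phone-01", False, True, date(2020, 5, 10), True, True, {"com.example.mail"}),
    Device("corp-tablet-02", False, True, date(2020, 1, 15), True, True,
           {"com.example.mail", "com.example.flashlight"}),
    Device("byod-phone-03", True, False, date(2020, 5, 20), True, False),
]

if __name__ == "__main__":
    for dev in FLEET:
        print(dev.name, *access_tier(dev, TODAY))
```

Returning the reasons alongside the tier lets a help desk tell the user exactly what to fix before the device is readmitted.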
Whichever form of EMM you choose, it's important to have some form of protection on your devices. With mobile computing becoming even more ubiquitous under the strict COVID-19 rules, these threats will loom larger than ever for the foreseeable future.