How much does your workforce know about mobile security? Adopting a “bring your own device” (BYOD) policy can introduce the benefits of convenience and cost savings, but without proper planning, it also can put an organization at risk for mobile malware.
Mobile malware vulnerabilities may be trending downward, but that’s after reaching an all-time high infection rate in 2016. A slow decline still means attacks are possible, and if one should strike an employee at your company, hackers could gain access to your sensitive corporate data.
When adopting a BYOD program, it’s crucial to have a plan in place to reduce the threat of mobile malware. Here are four best practices that enterprise mobility experts recommend for IT professionals evaluating their company’s mobile malware risk:
1. Know Your Mobile Operating Systems
“It makes a very big difference if you have an iPhone or Android,” says Richard Bejtlich, Chief Security Strategist at computer security firm FireEye. “The iPhone is a very tightly coupled system, so there’s a clear idea of how to get updates from Apple all the way down to the phone. But this is a giant problem with Android platforms because they’re so distributed — you have manufacturers, operating system vendors, app vendors, carriers, handset makers. There’s no clarity in who’s responsible for what when it comes to staying up-to-date.”
2. Create a Mobile Security Policy
A set policy can work wonders when it comes to communicating with employees (even those that work remotely) and training them to be vigilant. “It doesn’t matter what your business is, what we all have in common is a regulatory environment and a need to authenticate users, safeguard data through encryption, and set tailored policies for different groups and people in the organization,” says James Slaby, Director of Cyber Protection and Solutions Marketing at Acronis.
3. Implement Your Desktop Security Tools for Mobile
“The key is to use the same great technology and security tools in place today on your desktop to detect mobile malware,” says Kevin Manwiller, Manager of Security and Mobility Architecture at Cisco. “You have to send traffic through a firewall, install malware inspection tools like intrusion detection systems, and thoroughly monitor traffic and behavior on those devices. You have to make sure you’re funneling everything through your security tools.”
4. Adopt a Mobile Device Management Strategy
Mobile device management (MDM) is highly recommended by experts, says Corrin. “It’s the traditional defense-in-depth strategy,” Manwiller says. Organizations with a strong MDM strategy can set up a request system for entering the organization's network and provide an inventory of devices that have permission to connect. This gateway to entry alone goes far in preventing malware infections.
Mobile devices are becoming more and more common within the business world and, as smartphones and tablets continue to develop in versatility and sophistication, this trend shows no sign of slowing. Instead of swimming against the tide and forbidding BYOD at your workplace, it’s vital to invest in protection for your environment’s mobile devices that’s just as robust and secure as your in-office cyber protection systems. Leading vendors are meeting this need by integrating Android and iOS support in the same solutions that defend PCs and Macs.
H/T Software Advice
Acronis is a Swiss company, founded in Singapore. Celebrating two decades of innovation, Acronis has more than 2,000 employees in 45 locations. Acronis Cyber Protect solution is available in 26 languages in over 150 countries and is used by 18,000 service providers to protect over 750,000 businesses.