Mobile devices have revolutionized business efficiency, but much to the regret of enterprise security specialists, they've also introduced tremendous risk. The mere thought of giving employees access to corporate data from anywhere on any network can be enough to give any IT security specialist nightmares.
It's often said that acknowledging the problem is the first step to recovery. With that in mind, here are the top five mobile security threats and some tips for mitigating the risk.
- BYOD-Allowing employees to use their personal devices either in the company setting or to conduct company business can be a recipe for disaster. Aside from the risk of mixing business and personal data, photos, social media activity and more, allowing access to corporate data on a device or network that the company does not own or control can easily allow sensitive information to fall into the wrong hands. Establishing specific rules and guidelines or placing access restrictions on the use of company information and/or apps on employee-owned devices is the first line of defense in thwarting the BYOD risk.
- Apps management-While there are thousands of incredibly helpful apps on multiple platforms, there are also many that have no place in the corporate environment, from either a productivity or security standpoint. To ensure company data is uncompromised, use a whitelist/blacklist program and software that controls and/or monitors app use to manage what's available and/or accessible.
- Productivity drain-While not exactly a security threat, time wasted on games, social networking and other leisure apps can be a serious threat to productivity and competitive position. Geo-fencing, or the use of GPS location boundaries to secure/restrict access to certain apps can solve the problem. For example, companies can set up a geofence that disables Angry Birds and Cut the Rope while within the office building. Geo-fence technology can also be used to restrict features on the device, prohibiting the use of the camera in areas where trade-secret equipment or sensitive documents are kept, for example, or enabling access to data-heavy apps only when Wi-Fi is available to control data costs.
- Content sharing-Companies may want to be selective about the type of content made available on mobile devices. For example, investor documents, proprietary information and other sensitive material can fall into the wrong hands if the device is lost or stolen. The use of content-sharing controls can secure access to those documents, as well as push automatic updates as documents are changed, to ensure the latest version is always available. Sharing controls can even restrict the ability to transmit documents via a mobile device without proper authorization.
- Password security-It's hard to believe that in 2013, passwords are still an issue. Yet, some reports show that roughly half of mobile phone users don't use a password to protect their device. For those that contain corporate apps or access to company data, that's a huge security hole just waiting to be exploited. Use of a containerized solution can plug the hole, requiring a separate password or PIN to access corporate data, regardless of whether the device itself is password protected.