Are your mobile devices your weakest (security) link?
As technology has evolved, so has the footprint of devices we use to conduct our work. Mobile internet usage overtook desktop internet usage in 2018 on various fronts, including business-related websites receiving more traffic from mobiles than from desktop devices.
There is no doubt that mobile devices are convenient. However, they can prove to be a weak link in the overall network security of an organisation. The main difference in security between mobile devices and desktops stems from the fact that the vast majority of companies allow BYOD, whereas laptops and desktops are generally company-issued. Desktops run on operating systems which are usually updated on a regular basis, thanks to corporate IT policy. On the other hand, mobile device OS updates are at the discretion of the user, and many users fail to apply these updates.
Some ecosystems are better than others; however, manufacturers struggle to ensure their users update their operating system frequently enough to meet changing security requirements. Some do not issue smaller security patches between OS update cycles. The absence of a patching cadence is becoming an increasing threat and makes these devices (and therefore most BYOD policies) a weak link in the corporate cyber security chain.
Enterprise mobility is still the future.
Enterprise mobility allows for adaptability, and adaptability is the definition of the future workplace. We are rapidly heading towards a future where traditional offices no longer exist, and flexible employee work conditions are the norm.
If managed properly, enterprise mobility will improve productivity, efficiency and employee satisfaction, whilst also reducing operational costs. We cannot enable the modern workplace and at the same time seek to put a complete stop to BYOD and mobility.
However, the mismanagement of mobile devices leads to increases in network security vulnerabilities, and that pushes up the cost of doing business.
How can you secure your mobile users?
Securing your mobile devices begins with understanding the risks, and relaying these risks to the relevant stakeholders, such as the IT department, security teams and even top-level management.
After identifying the risks, the stakeholders must devise a mitigation plan and enforce it. Practical options include:
- Mobile Device Management, implementing a third-party tool to enroll, monitor, and manage mobile devices.
- Data Encryption, ensuring corporate data stored on mobile devices is strongly encrypted and can be wiped.
- Educating Users through training, clear policy, and regular checks to detect and prevent risky user behaviour.
A proper plan must be implemented and periodically monitored in order to leverage mobility within the organisation. Effectiveness must be assessed regularly to identify what is working well and where the points of fracture are.
Yes, mobile devices are effective and efficient. They are devices of the modern era. We need them to deliver on business requirements. We need them to compete. But equally, we must strive to make these devices part of a corporate arsenal that is maintained under an established plan covering employee use, and OS and patch updates.
How well are you managing your weak links?
Our ‘Cyber Security by Design’ methodology encompasses all endpoints, including mobile devices. We believe organisations can enable modern ways of working and remain secure and low-risk. If you want to enable transformation in your organisation while maintaining cyber security, contact us for a confidential discussion.