At the start of 2020, many organizations were already focused on protecting their mobile employees – whether they were business travelers or the occasional employee working from home.
COVID-19 changed the game. Entire workforces have been forced to work remotely. Many had already made the transition to only using smartphones and tablets for work. Others are working from home for the first time and have been using their personal smartphones and tablets during the shutdown so they can stay productive.
So as organizations evolve their mobile strategy to accommodate this new reality, they really need to improve mobile security. Here are five reasons why strong mobile security can keep your employees safe in or out of the office:
1. Protects an organization against the full spectrum of mobile risk.
This full spectrum includes phishing, application, device and network threats. Each of these four threat vectors have three components of risk: internal or external threats, mobile app vulnerabilities and user behavior, which includes changes to device configurations such as rooting or jailbreaking. For example, an organization may build a custom business app and deploy it to all employees while not realizing the app leaks data because it uses insecure data storage or transmission practices. In this case, mobile security would detect configuration vulnerabilities that could lead to data leakage. In fact, mobile security can detect these vulnerabilities before the app gets distributed to users. Even when apps are not malicious, it can still present unseen risks to an organization. With mobile security in place, organizations can confidently let employees use a wide range of apps because security gets continuously scanned for app risks.
2. Delivers access to mobile threat telemetry. A mobile security strategy delivers the threat-telemetry data required to detect mobile threats, including app vulnerabilities, malicious apps, phishing attacks, exploits to a container, or network attacks such as man-in-the-middle. For example, artificial intelligence can get deployed to proactively scan domains, certificates and webpages to identify phishing sites as they are developed. With this early detection capability, AI notifies the target organization so they can respond immediately.
3. Lets individual users resolve threats on their own. By silently running in the background, mobile security protects the device at all times and interrupts the individual only when threats are detected. The mobile security app offers detail about the threat it detected and instructs the user on how to resolve it. In many cases, fixes are as simple as removing a malicious or vulnerable app or upgrading the operating system. Other times, the app requires a more extensive resolution. Helping individuals resolve mobile security issues on their tablet and smartphones both increases productivity and reduces the burden on an organization’s IT support.
4. Monitors the organization’s devices in real-time. With most SaaS business apps designed for use on a tablet or smartphone, employees can do work from their mobile devices now. While toggling between text, email, business apps, and browser sessions, mobile users become prime targets for cyberattacks that seek to steal intellectual property and sensitive data. However, with a mobile security strategy, organizations can continuously monitor the health of a mobile device that’s accessing work resources. If at any point threats are detected, mobile security assigns a risk level and restricts the device from accessing the organization’s data until the threat gets removed. This continuous conditional access protection ensures organizations protect their intellectual property and sensitive data from mobile threats.
5. Delivers a secure BYOD strategy that respects employee privacy. Organizations that implement a BYOD strategy must balance how to protect the organization’s data while respecting employee privacy. Privacy-centric mobile security will only require a user’s email address for activation and will offer settings to ensure personal data does not get shared with admins. The mobile security strategy should also not associate any apps on a device to a user. Rather, they should keep app inventory anonymous to respect employee privacy. Similarly, phishing protection needs only to inspect URLs and domains, but not the actual message content. Finally, mobile security must offer continuous monitoring to protect corporate data from mobile threats on unmanaged personal devices.
Remote work has become the new norm and cybercriminals are aware of that. So as you evolve your security strategies, make sure the organization has a comprehensive mobile security in place that protects employee data whatever device they use and wherever they work.
Steve Banda, senior manager, security solutions, Lookout