A data breach can cost your organisation heavily in fines, reputation, lost customers. MTD protects your remote workforce from data theft and loss.
You have anti-virus on every work computer and laptop. You don’t share customer details. You may think you have PII (personally identifiable information) locked down tight in your organisation, but there’s a real threat to private data via employees’ mobile devices.
Some heavily regulated sectors had to scramble earlier this year to find ways of working that give employees the access they need to client data and internal systems from beyond the office perimeter. This is a way of working that many sectors have had a few years to develop and refine, but a sudden and widespread adoption of remote working has left many organisations more vulnerable to data breaches than they are prepared for.
To stay compliant with GDPR, or if you need to demonstrate other regulatory compliance around private data, you need to be aware of the potential risks from mobile devices, and know how to prevent them. But as an employer, you need to allow staff the freedom to do their jobs in a productive and efficient way, which is why BYOD (Bring Your Own Device) is increasingly in popularity over COBO (Company-Owned, Business Only) mobility strategies. It means employees can use their personal phones and tablets to read company email, access the intranet, log in to the company CRM or accounts portal… and more.
Mobile device threats
Some of the threats to your customer data that can occur through mobile devices include:
- Phishing – SMS-based phishing is a thing, but also regular email phishing is much harder to spot on a small screen. If an employee clicks a phishing link they may inadvertently install malware on the device, reveal login credentials to internal systems to a third party. 88% of organizations around the world experienced spear phishing attempts in 2019, according to Proofpoint.
- Data theft via hacked WiFi networks – Our own research into compromised WiFi shows that 1 in 20 networks are suffering active Man-in-the-Middle attacks, where criminals lurk on the network and slurp up private data.
- Operating System vulnerabilities – Mobile devices need patching regularly as bugs and security holes are discovered, hopefully before they can be exploited by cybercriminals. iOS devices are 3.5 times more likely to be updated within 30 days of a security update or patch, compared to Android.
- Malicious apps – Even using an ‘official’ app store doesn’t guarantee a safe app. Some start off dangerous, passing private information from the device back to criminals, but others become compromised at some point due to security flaws in the app’s development process or the app itself. They can drop viruses and spyware on to the device, or record keystrokes, phone calls, and relay emails and messages back to a third party.
As you would expect, BYOD comes with significant risks to your and you, so how do you protect those personal devices without resource-heavy administration, budget-breaking security suites, and privacy-invasive monitoring?
Solution: Install Mobile Threat Defense on phones and tablets
Just as you use an anti-virus product on your desktops and laptops, you need a similar security product on any mobile device your employees use to access email or business systems, or any other method of viewing and sharing confidential data.
This is where Mobile Threat Defense comes in. It combines on-device protection against network, application and device-level threats with an admin console so you can monitor which devices are protected, which are yet to enrol (and thereby conform to your security policies), and which are currently under attack.
You and the device user get alerts when risky events occur, but the employee maintains their privacy – you can’t see which websites they visit. You do, however, get visibility over the compliance level of your entire mobile workforce, and peace of mind knowing that the MTD is protecting that device from viruses, malware, spyware, phishing links, compromised WiFi and dangerous apps.
You can use a Mobile Device Management (MDM) tool to automatically deploy company policies to your MTD on devices, or even restrict access to internal systems by risky devices, but the benefit of a standalone MTD is that you don’t need to have any mobility management software – you can start protecting every mobile device straight away.
Ben Jones is the CEO of Traced, a CommSec partner for mobile security in BYOD environments.
Traced Control is a groundbreaking MTD (Mobile Threat Defense) that works with the Traced app to give businesses visibility and analysis of mobile threats, and the tools they need for analysis, investigation and response.