Does your mobile strategy leave you open to cybercrime?

A report by IDC predicts that there will be over 1.7-billion smartphone users by 2020.

A report by IDC predicts that there will be over 1.7-billion smartphone users by 2020. When added to other figures supplied by the IDC’s FutureScape: World Mobility 2017 Predictions report, spending on mobile is predicted to peak at 50% of the total enterprise budgets by 2019. Given that enterprise mobile applications are expected to double by 2018, it becomes apparent that the common use of enterprise mobile platforms is fast-growing.

The trend is spurred by organisations encouraging the uptake of mobile use for work purposes through bring your own device (BYOD) and choose your own device (CYOD) policies. This approach enables staff to work anytime, from anywhere using either their own device or one supplied by the company based on the user’s specifications.

The FutureScape report also points out that up to 40% of organisations will save time and money by adopting common management and policy controls for various devices to manage all endpoints on a single system. This is a viable requirement, as a host of new security risks are introduced with the adoption of the mobile workforce.

The risks

Mobility provides many benefits, predominantly given that it enables organisations to maximise their workforce while reducing the space required to ‘house’ them. Having said that, security concerns related to BYOD or CYOD are rising. Enterprises need a strong mobile strategy that places security at its core in order to mitigate the risk and defend themselves against cyber attacks. There are three key concerns that need to be addressed:

The increased prevalence of text and social engineering, where users receive or unwittingly send messages containing contaminated hyperlinks. When accessed, the hyperlink allows cybercriminals to hijack an online session or directs the user to a replica site where they could unknowingly reveal their credentials or invite malware into their organisation’s network.

Use of public networks. Mobile devices used for work are likely to contain information related to the organisation or have portals or cloud access that link to corporate networks. Users who access company networks or data over public, unsecured Wi-Fi networks put their organisation, and themselves, at risk of infiltration.

Poor risk awareness and education. Individuals who use their own or a company device to access company data and networks are often unaware of the risks of doing so. This lack of awareness can lead to unsafe behaviour, putting themselves, their devices and the organisation at risk.

Poor management of these areas puts the entire organisation at risk. Organisations could be vulnerable to the loss of valuable data, or they run the risk of data ending up in the wrong hands and being used for unauthorised purposes. A data breach can result in lost revenue, interrupted operations and/or reputational damage.

There is also a risk for the individual user, who can suffer personal losses.

Defining a strategy

Defining an enterprise mobile strategy amidst the vast variety of mobile devices that are available today can be tricky. Organisations need to ensure that they define what constitutes acceptable devices, whether they are user-owned, or company assets. These allowable devices also need to have strict policies around their management, including a jailbreak policy, which disallows users from unlocking their phones in order to allow unrestricted access. The policy must also define which applications, websites and social media portals are permitted or restricted.

In conjunction with the device policy, there should be a security policy, which imposes security tools across all devices and outlines security best practices and rules. The following should be covered under the policy:

  • The right network topology and rules for Internet access on the company’s premises, with a firewall, intrusion detection system, web gateway, email gateway and advanced persistent threat (APT) filtering of access to the Internet.
  • Mobile threat management.
  • Mobile information protection and control.
  • Mobile gateway and access protection.
  • Mobile security and vulnerability management.
  • Mobile identity and access management.
  • Application security.
  • Content protection, such as message filters, web protection and mobile bitmap.
  • Encryption such as SSH, TLS and PKI for access to the server from mobile devices, and WEP, WPA or RSN for connection to the Wi-Fi network.
  • The right password policy, in line with NIST 800-118 guidelines.
  • Enforced security and threat awareness training.

The last point is absolutely critical. Users need to be regularly updated on new and emerging threats, how they work, where they originate, how to prevent them and how to proceed in the event of an infiltration or cyber attack. They also need to understand basic mobile security, for example, what necessitates an IMEI number or ICCID (SIM card ID number). The policy must equally outline what the damage control procedures are to minimise the effects of any breach or potential breach.

Making it accessible

From an implementation point of view, organisations should simplify their policy, clearly communicating its contents and educating on any aspects that are not understood. Policy adoption, especially when it comes to security, can be difficult to attain when users (especially using their own devices) do not understand the risks and their implications. When the risks and procedures are understood and enforced, adoption is more easily managed.

Incorporating a user helpdesk can streamline this process. Helpdesks are able to respond to questions, provide guidance on adhering to policy and assist when there are breaches—suspected or actual. They can also provide user assistance in other matters, which aid in mobile strategy adoption.

Plan ahead

There is no better time for organisations to create or update their mobile strategy than now, when mobility is becoming rife. Businesses should, however, do so with a view on the future. Technologies such as artificial intelligence, augmented reality and the Internet of Things (IoT) are set to become woven into the wireless fabric of businesses, accessible by mobile devices that share the same network. As such, these technologies should be provisioned for or, at least, carefully considered when planning a mobile strategy and defining security parameters.

Organisations can collaborate with expert partners who understand the global and local technology and security landscape in order to create a mobile ‘use and security’ strategy that aligns with their business. Together with a partner, businesses can outline and implement a policy with all the right tools to cater to their current and future requirements, while mitigating risks and maximising success. 
