Thursday, October 15, 2015

Securing the Mobile Enterprise

Mobile devices have become a critical tool in today’s business environment. Companies and individuals alike rely on mobile devices to remain reachable and stay connected. Mobile devices such as smartphones and tablets have ushered businesses into a new era of productivity, improving competitiveness, and contributing to greater workforce satisfaction. But with those advances and productivity comes a plethora of security risks, creating a huge security challenges for the company. Hackers and malware creators target devices in order to launch larger attack on corporate networks, with the intent of accessing and stealing sensitive information.

Image by: TechGenie
Mobile devices have become the new attack vectors and are even getting hit by a much more sophisticated attack known as APT (Advanced Persistent Threats) intended to steal corporate data. Malware targeting mobile devices is growing fast, increasing as much as 614 percent in 2013, according to Juniper Networks.

Sadly, though, many companies these days not only do not manage their mobile security risks, they don’t even manage mobile devices. There’s a great need for better control over the devices that connect to their networks if they want to keep a tight control over corporate data. This also means taking a proactive role over mobile devices and getting the company to lead the acquisition of devices within the enterprise.

Guidelines for Securing the Mobile Enterprise:
  • Understand mobility risks and solutions
  • Companies should have a mobile device security policy.
  • Acquire enterprise-grade Enterprise Mobile Management solutions.
  • Companies should fully secure each company-issued mobile device before allowing user to use and access it.
  • Companies should have a plan in place for lost, stolen and compromised mobile devices.
  • Companies should develop a threat modeling system for mobile devices and resources that are accessed through the mobile devices. Good security always starts with creating effective threat modeling.
  • Companies should regularly maintain mobile device security. Always check for upgrades and patches, acquire and test them.
  • Implement and test a mobile device solution before putting the solution into production.
  • Control Third-Party apps.