Mobile Security Concerns & How to Protect Against Them
MobileIron have released their third mobile security and risk review, this bi-annual report provides IT security leaders with timely information about the mobile threat landscape and the emerging risks facing their organisations.
MobileIron observed that over the last six months 29% of companies had outdated security policies, only 55% consistently enforced security policies and more worryingly less than 5% of them deployed mobile anti-malware.
Causes for Concern & How to Resolve Them
Lack of Security Policy Enforcement
Figures collated from Q4 show that the UK has the lowest percentage of enforcing security policies at a meagre 42% compared with Germany for example at 66%. There is no point taking the time to create security policies if you do not ensure policy compliance. The recommendation therefore is that organisations have a system in place which detects when devices are non-compliant and either blocks them from accessing company resources altogether or brings them back into compliance as quickly as possible.
Use of Outdated Policies
Policies become out-of-date when the IT administrator updates the policy on the console but does not implement the change on all the devices being managed. This issue is most often a result of user behaviour whereby a new device is favoured over an old device. Due to the infrequency in which the old device is connected it ‘fades away’ and is prevented from receiving the frequent updates that it needs.
IT should configure the management platform to send automatic notifications to users to alert them to when their policy or configuration has become outdated including steps to allow them to quickly update old policies and configurations.
The percentage of companies worldwide with at least one missing device rose from 40% to 44%. This is a worrying statistic considering that the implications of this are extremely serious. If data, such as employee or customer information falls into the wrong hands, companies can face a plethora of legal, monetary and reputation costs.
Whilst the loss of devices is an inevitable issue that organisations will have to face, the subsequent loss of data can be avoided. The installation of an EMM solution that allows IT to wipe devices of their corporate data is essential. It is also recommended that IT block access to unauthorised users and install tracking software onto their corporate devices. The combination of these solutions will provide enterprises with the best system to prevent data exposure should a device be lost.
Outdated Operating Systems
Encouragingly 2016 saw an increase in the number of companies continuously installing OS updates, whilst numbers are still low this increase is certainly a step in the right direction.
Enforcing OS updates is one of the cheapest and most effective ways that companies can prevent attacks on their devices, keeping on top of these updates allows organisations to reap the benefits with minimal effort involved. Organisations should ensure that their device operating system is no older than the second most current version. In the case of Android, the same rule applies, whereby the monthly security patches should be no more than one month out of date.
Users are always looking to get the mobile apps and content they need to do their job even if it means circumventing security controls, and unlike Android devices, iOS requires jailbreak software to do this.
Pangu, who make some of the most popular jailbreak tools, delivered updates quickly after the iOS 9 release, however it took them a while to update following Apple’s patching. Despite the lull in Pangu updates, the rate of jailbroken devices has continued to rise, opening the door for more devices to be compromised.
Ensuring that a device remains compliant is of pivotal importance after patching, using the right EMM solution IT can ensure that non-compliant or compromised devices are blocked from accessing all enterprise resources until they regain their compliance within the security policy.
Every year high profile vulnerabilities and malware threats continue to appear, considering the seriousness of a security breach, now is the time that mobile security must be a top priority for your enterprise. With Mobliciti’s help and expertise we can provide you with mobile protection tailored to your company’s needs.