As a quickly advancing and constantly evolving technology, mobile devices are creating additional security concerns for individuals and enterprises of all sizes and within all industries.
Mobile devices are everywhere and invasive; they gain access to networks, transmit and receive privileged data, and may contain significant system vulnerabilities of their own.
Though the modern administrator may be aware of these risks, there are still some common errors being made by modern IT departments, even in large and seemingly well-protected organizations.
► Here Are A Few Of The Most Common Issues Being Seen Today
1. Relying Purely On Mobile Device Management
While Mobile Device Management is an essential and necessary tool for organizations today, it is not a comprehensive solution to the problems that mobile devices represent. Mobile Device Management provides for basic security and provisioning based on device and identity, often offering up loose security controls on a device-by-device basis.
MDM was never intended to provide a complete mobile security solution and it cannot address many of the security concerns that arise with mobile devices, such as the ability to store and transmit confidential or sensitive company information. All MDM alone can really do is create an authentication gateway to resources and data, after which vulnerabilities may still exist.
2. Failing To Work With The User
It’s easy to forget the user experience when concerned about security. While security must be the foremost concern, it cannot be the only priority. The goal of IT security is to create a safe and secured environment without significant disruption of business operations. IT must both secure a company’s assets and facilitate productivity throughout the organization; otherwise the company’s bottom line can be affected.
The consequences of security protocols on the users themselves have to be considered every time a change to either cybersecurity platform or procedure is initiated. To do otherwise will quickly lead to user frustration and a sharp decrease in operational efficiency — and it could actually decrease the effectiveness of a security solution.
User negligence contributes to a significant number of data breaches, and users who are not properly trained or who are frustrated by the systems that they use may be even more vulnerable to threats.
3. Protecting Confidential Or Sensitive Information With Passwords
Passwords are the weakest way to secure data and are not always substantially more effective than failing to secure data altogether.
Many organizations construct a gateway to their confidential information that requires nothing more than a username and a password to access — and usernames themselves are often trivial to guess. Users are notoriously lax with their password hygiene: they will reuse passwords, forget passwords, write passwords down, and share their passwords with other users.
At a minimum, confidential and sensitive information should be protected via two-factor authentication rather than by password alone. When users are allowed to set and maintain their own passwords, stringent password or passphrase requirements should be enacted.
4. Creating Potentially Obstructive Solutions
Along with considering the overall user experience, administrators must also consider whether their system provides the most effective solutions for their users. If potentially obstructive solutions are used, many employees will instead turn to self-service IT.
Self-service IT is exceptionally dangerous to a company: employees will be tempted to use third-party applications and other mobile platforms to perform their daily tasks, potentially compromising not only the data that they work with but also the network as a whole.
To avoid this, administrators should keep a dialog open with employees, and any concerns and issues should be addressed in a timely fashion.
5. Fragmenting Your Security Solutions
As a network infrastructure grows, it can be easy to create a fragmented, hodgepodge system of security solutions. Organizations may have mobile device security, web platform security, network security, email security — an entire nest of loosely integrated components.
Fragmenting your security solutions will almost always create issues. There will be areas of redundancy and overlap, which will waste time and resources. There will also be gaps, which can be worse than having no security at all, as there will be a false sense of security associated with the existing security solutions.
Companies today are increasingly moving towards unified threat management solutions, which create a consolidated and self-contained cross-platform security architecture.
6. Letting Your Data Grow Legs
Once your data is out of your direct control, there’s simply nothing that you can do to secure it. Many organizations are moving to “live data” systems, in which data can only be accessed through authentication and is never saved or cached directly on a device.
This is far more secure than allowing users to download or sync data to their devices or even their personal computers. In general, administrators must be exceptionally conscientious of data being transmitted either in or out of the company network.
Once data leaves the network — even if password-protected or otherwise encrypted — it could potentially be vulnerable.
7. Failing To Secure Partners And Service Providers
Administrators today are rapidly adopting a more holistic approach to their security. Due to the commonplace integration of third-party software solutions, and the extensive amounts of sensitive and confidential data that may be shared or synced among partners, many organizations are taking their security outside of their own network and extending their security requirements to their partners.
There have been numerous large scale security breaches over the last decade that did not originate within the company that was compromised but instead via one of their third-party platforms or solutions.
The only way for organizations to avoid this is to require that the organizations that they do business with also maintain appropriate levels of cybersecurity.
Mobile devices are only going to become a more substantial threat as time goes on. Not only are malicious users targeting mobile devices more often, but the devices themselves are developing quickly.
In a few years, users may have systems as powerful as an enterprise server in the palm of their hand — and these devices may be connected directly to the organization’s network. Without comprehensive security platforms and protocols, administrators will find it increasingly difficult to maintain control over their systems and their data.