
Top Dos and Don’ts in Enterprise Mobile Security

45% of enterprises with fewer than a thousand employees estimate their costs of mobile security incidents to exceed $100,000 per year, and 52% of bigger companies report spending more than $500,000 annually to tackle mobile security challenges. You are not likely to escape the enterprise mobility rush, but you can and should avoid security mistakes with this relevant and trustworthy data.

Are You Barking Up the Right Tree?

The fact that enterprise mobility poses significant security challenges is unquestionable. However, there is a lot of speculation when it comes to identifying the causes and effects of these challenges. See if you got everything right:

Cyber-criminals vs. Careless employees

If you still think it’s hackers you should watch out for, think again. It’s the person who accesses your corporate data from an enterprise-owned or personal device daily that has the most influence over what’s happening. It’s the employee’s day-to-day decisions and actions that pre-define how protected or vulnerable your data is and will be in the long run. Employees are most likely to take the path of least resistance in leveraging mobile devices for business purposes, which may lead to unsafe computing practices.

Today, careless employees pose a much bigger threat to corporate security than cyber-criminals. “Secure is as secure does” might become a good new rule of thumb for the mobile corporate environment.

Malware vs. Unclear Corporate Policies

By default, malware and corporate data loss are the two biggest nightmares of any IT Department Head when it comes to enterprise mobile security. Most companies do not consider the lack of properly articulated corporate policies to be a security risk in itself. However, recent reports prove it to be the number one reason for major security risks. Management is often lenient when it comes to employees’ choice of devices and apps, since these are proven to boost productivity. As a result, the situation gets out of control and becomes hazardous long before any malware attack occurs.

A lot of companies falsely assume that not having a clear bring-your-own-device security policy keeps them out of the problem altogether. Yet articulating such a policy should be the first step towards improving the overall security of corporate data. Once articulated, those policies should then be enforced properly across the company, so that no employee regards them as optional.

Security vs. Productivity

Companies that take a proactive stand in securing their data in the new mobile-driven reality tend to hit another extreme, data control totalitarianism. Implementing control features is surely the way to secure data. Ironically enough, over-control impedes employees’ productivity, which is the primary reason for mobile enterprise solutions to exist. The more sophisticated the corporate security, the more counterproductive it is. Imagine you require your employee to enter a 23-digit password each time he wants to access his BYOD device. What happens is that eventually he will write the code down on a sticker and attach it directly to the device, or email it to himself. Let’s call it a Catch-23, but you really can enter any number here (and don’t forget lower- and upper-case letters, too).

To yield results, your mobile security solution should be comprehensive and rational.

MDM vs. Human Factors

Mobile Device Management is perceived by many executives as a silver bullet for corporate security. Modern MDM solutions are advanced enough to provide protection in most tricky situations, from security of mobile applications to cloud transfers and network security. So, in case a mobile device is stolen or lost, data stored on it can be wiped as soon as it is reported missing. What these solutions are not able to control, though, is human factors. Employees aware that a lost device is doomed to be wiped tend to delay reporting, because the idea of losing photos from Caribbean holidays is more unbearable than the idea of an annual report getting into competitors’ hands.

Thus, when designing mobile device security policies, think carefully about how and when data can be wiped automatically from mobile devices. For example, delete all contents after several failed login attempts, or if the device has not connected to the corporate network within a specified time frame.

Proven Solutions to Embrace the Chaos

Recently, companies have been actively evaluating their corporate mobile security options and trying their best to come up with robust mobility strategies. So by now, you have quite a few choices to opt for. Study what’s out there and choose what best suits your company’s needs (or which acronym appeals to you more):


  • BYOD (Bring Your Own Device) allows employees to use personal mobile devices for work. The strategy has been gaining a lot of attention recently, especially among smaller businesses. It is advantageous in a number of ways: it decreases costs, increases productivity, and solves the learning curve issue, since employees are already familiar with their phones and take the initiative to update them themselves to enjoy cutting-edge technologies. The result is happier employees and, sadly enough, a Pandora’s box of security issues to be tackled.
  • CYOD (Choose Your Own Device) is a step forward in an attempt to regain control over corporate data security. This option presents workers with a limited number of personal devices to choose from for professional use. It keeps a certain amount of freedom on the employee’s side of the playfield, while allowing for more control from the company. The result is increased overall and mobile application security. The drawback is high costs. The strategy only makes sense when the choices are kept updated, which is hard since major manufacturers launch new mobile products annually.
  • COPE (Company-Issued Personal Enabled) removes the differences between devices because every employee has the same one. The downside of COPE is privacy concerns, as IT is able to see any personal data inside the phone. And hey, people already have enough devices to be torn between.

Remember, however, that the device level is only part of the strategic security puzzle. Make sure you work together with a reliable IT partner to get a comprehensive vision of your entire mobile data ecosystem, and elaborate on security standards for mobile applications, devices, and networks.

Equipped with the right knowledge, you are now ready to implement a smart enterprise mobile security solution for your business.
