What Does a Mobile Device Security Strategy Look Like?
Why do we need mobile device security? The answer is very simple: to avoid data breaches.
And what are the chances of a data breach happening to an average SMB? A lot higher than you might expect.
A Verizon report into data breaches last year indicated that 43% of all cyberattacks are targeting small and midsize businesses.
When you consider that nearly half (47%) of SMBs say they have no understanding of how to protect their companies from cyberattacks, you can begin to see an environment in which organizations are particularly vulnerable.
And cyberattacks are no joke; among companies that don’t have a disaster recovery plan who suffer a major breach, 93% of them go out of business within a year.
The reason this is important for businesses to understand is because to say 2020 has got off to a rocky start in cybersecurity terms would be an understatement.
Mobile Device Security and COVID-19
The current landscape has proved fertile ground for cybercriminals.
People are away from their offices, often with unsecured devices and without the knowledge to proactively counter cyberattacks against them.
Hackers are preying on people’s fears and anxieties and taking advantage of unprepared businesses in order to make money.
In short, businesses and their employees—most of whom are working remotely with mobile devices—are more vulnerable than ever.
SMBs must act, and quickly.
With this in mind, let’s take a look at the core components that make up a mobile device security strategy.
Mobile device management, or MDM, is one of the most important tools a business can have at its disposal.
MDMs have typically been used in the past by organizations that want visibility over mobile devices under their office networks.
In recent years, the number of devices under any given network has increased dramatically, thanks to what we now call the Internet of Things.
87% of companies are dependent to some degree on their employees’ access to mobile business apps from their smartphones
IoT tech doesn’t refer to just laptops and smartphones, but rather a whole host of technologies that operate under network—including TVs, printers, and HVACs.
The most pertinent to the subject at hand today is of course laptops and smartphones operated by employees outside the office; being used to access and handle company data.
While it can be relatively simple to setup a secure office network, remote workers are conducting their work under their own networks—difficult to reach and more difficult still to get them to each install, for example, security protections.
This is where an MDM is useful.
Every device that needs it, including company laptops and other work devices, can be installed with an MDM agent, which permits its management.
From there, IT can remotely monitor devices, push necessary software updates to patch security flaws, and wipe devices of data should they be lost or stolen.
Other ways an MDM can help:
- Restrict access to apps or device settings
- Standardize devices
- Establish Security policies
- Enable Network security for BYOD policies
- Quicker device provisioning, deployment, and employee onboarding
Advanced Spam Filtering
When you picture a hacker, what do you think of? Someone constructing malware comprised of never-ending lines of code to gain access to a high security server?
Well, that type of cybercrime does exist, but the biggest threat to business is in fact the good old-fashioned email.
Spam emails intended to trick unsuspecting users into handing over personal or business-critical data are more commonly known as phishing emails.
Phishing was already a popular technique for cybercrime long before 2020, and an aspect of security that SMBs and larger enterprises alike have struggled to cope with.
64% of organizations have experienced a phishing attack in the last year
The present pandemic has only added fuel to the flames in this particular regard, as it has with cyberattacks in general.
We recently published a blog on cybercriminals using Microsoft Sway to create exceptionally convincing landing pages that could fool anyone into typing in their details. We also recommend checking out our previously mentioned Q&A on COVID-19-related scams with our Director of MIT Security Services to gain a greater understanding of what’s driving these scams and how they should be combated.
This is where advanced spam filtering can significantly help your chances deterring a breach.
But don’t email providers have spam filters anyway?
Well, yes, but filters that are free are often lacking in many of the filtering techniques used by advanced filters. Anyone who has a Gmail account will know that spam can still get through, in spite of its filter.
A quality advanced spam filter will offer the following techniques:
- Reputation-based email filters
- Content Analysis
The proliferation of devices and the rise of IoT tech has not only created a substantial increase in the number of endpoints that a criminal can use as entry points, it’s also caused an issue with the provisioning of antivirus software.
Antivirus is needed on every device, especially those that are operating outside the office. Moreover, traditional antivirus, which many will have become accustomed to, simply doesn’t have the necessary capabilities for secure protection in 2020.
Next-gen antivirus uses advanced technology that gives it a distinct advantage over regular antivirus solutions. Technology such as:
- Machine learning: Files are analyzed before use using an automated bot which can discover any malicious elements—all without any interruption to the user
- Behavior analysis: Computer processes can be monitored in real-time and detect any abnormal behavior, terminating malicious processes
- Threat intelligence: When a device encounters a threat, every other device under network will be updated to counter the danger without any need for manual input.
Businesses need proactive solutions that can grow and change as their needs develop. This is the ultimate benefit of next-gen antivirus.
Small and medium businesses can offload the stress and responsibility of managing antivirus software updates, scans, and management to a next-gen solution that is designed to do all of the heavy lifting for you.
Many of us are familiar with MFA. We use it to log into our bank accounts and other services which host our most sensitive information.
Your business is no different—there is sensitive information everywhere, and it’s all useful to a cybercriminal if they get their hands on it.
Related Post: What Is Cyber Hygiene?
Advanced verification for users using devices or logging onto your network is a simple and highly effective way of avoiding being compromised.
Microsoft cloud services see 300 million fraudulent sign-in attempts every day. They estimate that MFA blocks 99.9% of automated attacks
MFA works by combining a traditional sign-in method (usually a password) with a more personal method, like a fingerprint or text message.
While staff will undoubtedly find MFA a little frustrating at first, there’s no doubt as to why some of the most safety-conscious organizations in the country use MFA—it’s because it’s simple to implement and it works.
It’s also advisable that you have a credential management system which protects your passwords with solid methods of encryption.
We at Impact talk a lot about how crucial it is to have employees who are aware of how to stay alert to cyberattacks, and what measures they can take to shield themselves from harm.
The fact remains that employees represent your business’ soft underbelly. They often don’t know how to deal with phishing attacks, and all it takes is one wrong click and the attackers are in.
According to Kaspersky, 46% of cybersecurity incidents in the last year were due to careless or uninformed staff
In light of the pandemic, this weakness is being exploited more than ever, and one studied month, between February 25 and March 25, found that daily successful email phishing attempts had increased by a factor of 32.
Now, working from home, workers are often being left totally to their own devices (so to speak) with regards to protecting themselves and their mobile devices from cyberattacks, and many of them will not know how.
Put simply, if you’re not investing in your employee’s security awareness, there’s never been a more urgent time to do so.
SMBs that are not utilizing a security awareness program for workers are sleepwalking into disaster.
- The proliferation of mobile devices has radically changed how businesses should be approaching mobile device security
- Advanced tools, like MDM, next-gen antivirus, and advanced spam filters are the feathers in the cap of a capable cybersecurity strategy
- Older and legacy-style cybersecurity tools are often no longer up to the job of safeguarding such a large number of devices
- Don’t forget your employees! They must know what to look out for and how to protect their mobile devices from harm, especially given the current environment
In light of recent events, many organizations have found themselves playing catchup with their cybersecurity, trying to implement makeshift solutions to make up lost ground while their workforces are working remotely for the immediate future.
To find out more about how you can ensure your business’ cybersecurity is in good shape for now and for the future, download our eBook, “What Makes a Good Cybersecurity Defense for a Modern SMB?”.