Using mobile devices for business is no longer unusual or reserved for special situations; it’s standard operating procedure. With that change in status should come a change in how you handle security for these devices. While mobile devices have a few characteristics that are unique and require special treatment, most of the security considerations are the same. As a result, mobile security should be folded into your overall security architecture and its focus on identity management.
Mobile is Different
These are the few ways that mobile devices differ from desktop devices that mean they need special handling:
- Mobile devices are portable. They can easily be lost, along with any corporate data and access credentials stored on them.
- Mobile devices are small. Because they have small screens, it’s harder for users to confirm they’re at the right URL or email came from a known sender.
- Mobile devices receive texts. Texts are another pathway for phishing messages.
- Mobile devices use public Wi-Fi. Public networks are often unprotected and users are vulnerable to snooping or having malware installed.
Mobile is the Same
Many of the risks you hear about connected to mobile devices are equally true for users in the office using desktop devices.
- Shoulder-surfing can expose data. While it’s true that you aren’t likely to have a competitor staring over an employee’s shoulder inside the office, screens and data are just as exposed on premises. How many users have a sticky note with passwords stuck to their monitor?
- Mobile devices can be out of date. Mobile devices often don’t have the latest operating system or security software installed, but that’s also true for desktop devices. Businesses often lack a strong patch management process and fall behind on applying critical security patches.
- Users fall for phishing. Phishing scams were causing problems for businesses long before they implemented BYOD policies.
- Data is shared in the cloud. Mobile devices are used to access files from outside the corporate network, so users often rely on unauthorized cloud services. However, the problem of shadow IT and unapproved clouds isn’t limited to mobile devices.
- Devices contain risky apps. Not every app on a mobile device is safe for business. Unfortunately, that’s also true for the apps users download to their desktops and the websites they visit from their computers at work.
- Users take shortcuts. Many security risks are due as much to user behavior as to technical vulnerabilities. Users don’t suddenly change their behavior patterns when they cross the office threshold.
It’s clear that while mobile devices may offer some unique challenges, most of the security risks they pose are the same as all the other technology in a business. Developing a comprehensive security strategy allows businesses to ensure consistent controls across all the technology their employees bring to work. Contact Prescient Solutions to learn how to protect information technology no matter what device is used to access it.