Mobile Device Security

“Mobile Device” is a general term used to identify common portable devices such as smartphones, tablets, and laptop computers. These devices have revolutionized the way we do work but at the same time, brought unique security and privacy challenges for us. 

What is Mobile Device Security?

Mobile device security refers to being free from the danger or risk of asset loss or data loss using mobile computers and communication hardware.

Organizations use mobile devices under different enterprise mobility strategies to improve productivity, facilitate teleworking, and ensure access to data anytime/anywhere.

Based on the selected approach, Organizations would implement mobile device security policies and assign roles/responsibilities accordingly. 

A study conducted by Verizon® found that 1 out of 3 companies who use enterprise mobility solutions surveyed reported a compromise involving a mobile device. 47% say remediation was "difficult and expensive," and 64% say they suffered downtime.

Threats for Mobile Devices

Smartphones and personal digital assistants (PDAs) like tablets give users mobile access to email, the internet, GPS navigation, and many other applications. However, smartphone security has not kept pace with traditional computer security. In addition to that, many smartphone users do not recognize security shortcomings in their devices. Due to this reason, mobile phones are becoming more and more valuable as targets for attackers. So, it is important to take steps to protect your mobile devices from attacks from the threats such as those listed below. 

Take Steps to Protect Your Mobile Devices

With nearly every employee possessing a mobile device, organizations need to be cognizant of the fact that this is a huge attack vector for criminals with malign intentions.

Even the most careful users can still fall victim to attacks on their mobile phones. However, following best practices regarding mobile phone security can reduce the likelihood or consequences of an attack. Remember, a hacked mobile device can be used to compromise an entire corporate network.

• Use a Secure Lock Screen: If someone gets ahold of your device, the last thing you want is for them to just turn it on to access everything!!! Therefore, use a secure screen lock. This could be a strong password or perhaps a biometric lock such as a fingerprint scanner.
• Enable Services to Track Device Location: A feature available in your device may help you identify where your lost device could start ringing or include a helpful screen message as to how to contact you, the owner, and track your device.
• Use Remote Wipe Security Application: Remote wipe security applications give device owners the ability to “wipe” or lock down devices from a distance.
• Use secure Wi-Fi: Using password-protected Wi-Fi connections keeps unwanted third parties from snooping or carrying out man-in-the-mobile attacks between your device and your intended destination. Avoid public Wi-Fi as much as possible.
• Watch your email/SMS and instant messaging: Don't click on links in email and other messages, as these may direct you to phishing or malware websites — this applies to all mobile platforms.
• Be consistent: Only download apps from trusted sources. This ensures that the apps are legitimate and not havens for mobile malware. Further, assign permissions to the applications in a minimal way and keep them updated.
• Install antivirus protection: Antivirus and anti-malware solutions are now popping up for mobile devices; install one from a trusted source, then run it regularly to ensure your device is clean.
• Don't jailbreak or root your device: Doing so increases your risk of infection from untrusted third-party sources. Stay rooted and benefit from automatic security updates and patches.
• Switch off Bluetooth or Wi-Fi when not in use: Mobile devices pairing on open connections enables attackers to eavesdrop and intercept data transmission using techniques such as blue bugging and blue snarfing. You can also disable automatic WiFi/Bluetooth connect features.
• Use Encryption: If the device manages critical functions and sensitive information, you can encrypt your device.

In addition to the above, it is mandatory to follow the organization’s security policies and guidelines while using your mobile device for official work. At the same time, Root of Trust (RoT) principles can be used to provide a robust level of security to official mobile devices handling critical data, if necessary.

It is the best practice that all the devices connecting to an enterprise network need to be authenticated. Proper authentication provides secure identity provisioning for devices to allow trusted communications with servers for data exchanges and can help identify, isolate, and exclude compromised devices.