Our hearts might skip a beat every time we put our hands in our pocket and can’t find our mobile phone, and we’re filled with dread at the thought of losing the device that contains our personal photos and the corporate data saved on it. But just misplacing a device is not how we put corporate data at risk; small actions in our day-to-day lives can have a major impact on the safety of the corporate data on our devices.
What is mobile security management?
Mobile security management (MSM) is a term that refers to the actions taken to secure mobile devices and the data they contain. MSM can be proactive or reactive, based on whether the action is performed before or after the device or data is compromised. Proactive actions include securing the data and devices from data breaches using passwords, encryption, and containerization. Reactive actions are those performed after a device is lost or stolen, or a data breach has occurred. This could include remotely locking and locating the devices, or wiping the data present on the devices.
Why is mobile security management important in organizations?
As the use of mobile devices in organizations continues to grow, cybercriminals are finding newer methods to exploit corporate data. Unsecured mobile devices work to attackers’ advantage, so organizations must work double-time to secure them. According to a recent study by Verizon, many organizations are putting mobile device security on the back burner, and this has increased the risk of data loss, downtime, and damage to customer relations and the organization’s reputation.
Despite being advised that connecting to an unsecured Wi-Fi network could potentially lead to a data breach, countless employees still connect to open Wi-Fi sources available at airports, cafes, and other public places. According to the same Verizon study, 81 percent of respondents admitted to connecting mobile devices to open Wi-Fi sources despite it being prohibited by company policies. Small actions like these could result in a major loss of data and financial hardship for the organization.
Here are a few other actions that put corporate data at risk:
- Downloading apps from unverified sources: Apps added to the Apple App Store or the Google Play Store are checked for threats like malware before being available for download. This assures users, with some degree of certainty, that these apps are safe to use. However, the same cannot be said for apps downloaded from other, unverified sources, and this increases the chances of a data breach.
- Not reviewing app permissions: Most apps request permission to access certain device functionalities, such as the camera, location information, and contacts, when they are used for the first time. Some of these app permissions are required for functioning, and some are available only to improve the user experience. Many users agree to all the permissions without checking why a particular app would require access to their gallery or contacts.
- Keeping Wi-Fi and Bluetooth always turned on: Many users keep their Wi-Fi and Bluetooth turned on at all times, as well as enable auto-connect, for ease of use. This gives attackers an opportunity to connect to the devices and access stored personal and corporate data.
- Running an outdated OS: Every OS update introduces security fixes and patches for vulnerabilities detected in the previous OS. Running an outdated OS increases the probability of cyberattacks using the detected vulnerabilities.
- Not using a virtual private network (VPN) while accessing corporate data: Sometimes connecting to an unsecured Wi-Fi network to access personal data is unavoidable. In such cases, accessing corporate data is not recommended. The likelihood of a cyberattack can be reduced if the user connects to a VPN while accessing corporate data on an unsecured network.
- Jailbreaking or rooting devices: Mobile developers have certain security restrictions in place to protect the devices and data, but to obtain extra control over devices, many users jailbreak or root them. This overrides security measures and exposes the devices and data to cyberthreats.
How can organizations secure their mobile devices?
The simplest way to secure devices is employee education, but it is not always best to leave sensitive corporate data in the hands of employees without an additional layer of security.
Most mobile device management (MDM) solutions offer a comprehensive list of features that help protect corporate data and devices.
The following features help organizations protect corporate data on mobile devices:
- Encrypt corporate data: MDM solutions can mandate encryption on mobile devices using the available built-in encryption protocols or, for macOS and Windows, remotely enable encryption using FileVault or BitLocker.
- Enable automated OS updates: MDM solutions give organizations the capability to delay, schedule, or automate OS updates once they’re available for the device. Delaying updates enables organizations to test the updates first. Scheduling updates prevents bandwidth choking that can occur if all users update their apps simultaneously.
- Leverage containerization: In organizations with a bring your own device (BYOD) environment, users can access corporate data using personal apps, and this increases the chance of data breaches. MDM solutions, however, enable admins to create virtual containers on devices that prevent any communication between personal and corporate apps.
- Lock down apps on devices: Mobile devices are now being used as point-of-sale (POS) devices where users need to access a single app or a set of apps. In such cases, admins can use an MDM solution to run only the required app(s) on the device and prevent users from accessing other app functionalities and settings.
- Mandate the use of a VPN: MDM solutions can preconfigure VPNs for devices and allow users to enable VPNs on devices with a single click. MDM solutions can also automatically enable a VPN for corporate apps and web resources.
- Blacklist apps: While corporate apps can be silently installed on mobile devices, MDM solutions can also prevent users from installing any other apps on the devices, or restrict the installation of certain predefined apps.
- Restrict malicious websites: In most organizations, browser access cannot be restricted. In such cases, MDM solutions can enable sysadmins to select which web resources can and cannot be accessed from corporate devices.
- Access Exchange only from managed devices: Once a user knows the credentials for their corporate Exchange account, he or she can access email even from unauthorized devices. This could result in a data breach since unmanaged devices don’t have the same security standards as managed devices. MDM solutions overcome this problem by enabling users to access corporate Exchange accounts only from managed devices.
- Detect and remove jailbroken and rooted devices: Corporate data in rooted or jailbroken devices is always at risk. MDM solutions can detect jailbroken or rooted devices and remove them from the network to ensure non-compliant devices cannot access corporate data.
- Enable geofencing: Organizations can also perform remote actions like ringing an alarm, wiping the corporate data, or resetting the device when it leaves a predefined area.
- Track device location: Tracking the location of a device is one of the easiest ways to start securing it. MDM solutions enable IT admins to remotely locate devices either at all times, or on-demand when a device is lost or stolen. Some MDM solutions also enable sysadmins to track and maintain a history of device locations. This is helpful when devices are handed out to drivers from cab services or for logistical reasons.
- Perform remote actions: When a device is lost or stolen, MDM solutions enable sysadmins to perform various actions remotely on the device based on whether the device can be retrieved or not. The first step if a device is misplaced is to remotely lock it with a passcode and locate it. Once the device is located, if it cannot be retrieved, it should be reset to factory settings, or the corporate data should be wiped.
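To show how the controls in this list combine into one compliance decision, here is an added example (not code from any MDM product or from this article's vendor) that checks a device record and returns the violations and remote actions described above. The `Device` fields, policy values, geofence coordinates, and action names are all hypothetical.

```python
from dataclasses import dataclass, field
from math import radians, sin, cos, asin, sqrt

# Constructed policy values (assumptions for illustration, not vendor defaults).
MIN_OS = {"android": (13, 0), "ios": (17, 0)}
BLOCKED_APPS = {"com.example.sideloaded"}
GEOFENCE = (40.7128, -74.0060, 5.0)  # centre lat, centre lon, radius in km
@dataclass
class Device:
    name: str
    platform: str
    os_version: tuple
    encrypted: bool
    rooted: bool
    apps: set = field(default_factory=set)
    location: tuple = None   # last reported (lat, lon), if any
    lost: bool = False
    retrievable: bool = True

def distance_km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def evaluate(d):
    """Return (violations, actions) for one device record."""
    violations, actions = [], []
    if d.rooted:
        violations.append("rooted_or_jailbroken")
        actions.append("remove_from_network")
    if not d.encrypted:
        violations.append("encryption_off")
    if d.os_version < MIN_OS.get(d.platform, (0, 0)):
        violations.append("os_outdated")
    if d.apps & BLOCKED_APPS:
        violations.append("blacklisted_app")
    if d.location and distance_km(d.location, GEOFENCE[:2]) > GEOFENCE[2]:
        violations.append("outside_geofence")
        actions.append("ring_alarm")
    if d.lost:
        # Lock and locate first; wipe only if the device cannot be retrieved.
        actions += ["remote_lock", "locate"]
        if not d.retrievable:
            actions.append("wipe_corporate_data")
    return violations, actions

# Constructed sample record (not real inventory data).
SAMPLE = Device("tab-07", "ios", (16, 4), False, True, {"com.example.sideloaded"}, (41.5, -74.0060))
```

Calling `evaluate(SAMPLE)` reports every violation on the record at once, which is how a compliance dashboard would typically surface a device that fails several policies.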
ManageEngine’s enterprise MDM solution, Mobile Device Manager Plus, enables you to perform security actions and more on devices running iOS, Android, Windows, macOS, and Chrome OS.