As the use of mobile devices in the enterprise continues to expand, mobile endpoint security is becoming an increasingly pressing concern. According to recent statistics from GSMA Intelligence, there are now more mobile devices than there are people in the world, and their numbers are growing at about five times that of the population. While many of these devices are purchased by individuals for personal use, they’re also entering the workplace and becoming a core driver for business productivity.
Designed for consumer use, early smartphones and tablets often provided lower standards of protection than other computer systems such as PCs and laptops, making mobile endpoints prime targets for attackers looking to gain access to corporate data and networks. This is especially true in increasingly popular BYOD environments, which multiply the attack surface for hackers. Global Market Insights estimates that the prevalence of BYOD will grow at around 15 percent per year until 2022.
While these statistics indicate the IT department is unlikely to gain more control over endpoints any time soon, there are steps that organizations can take and mobile endpoint security solutions they can implement to help ensure that corporate data is kept safe and secure.
Develop a Strategy
The first step is to develop a mobile strategy that considers what types of devices and applications will be allowed on the network and the level of support that will be provided. Organizations need to think about how employees will be allowed to connect, such as whether to use a VPN, and should create policies around Wi-Fi usage.
Provide Mobile Security Training
Mobile security training should be provided to all users in the organization in order to raise awareness of security issues and to minimize the chances of incidents that compromise security. Among other things, the training should focus on keeping employees safe from phishing attacks and the risks posed by unsanctioned mobile apps. Mobile security training should also focus on safe use of devices, such as avoiding insecure Wi-Fi locations and not doing sensitive work in public locations. Users should also be trained on the importance of keeping data secure and of taking precautions with devices that can easily be lost or stolen.
Give Users the Tools They Need
Because of the difficulties inherent in enforcing security on privately owned devices, some highly regulated industries such as government are eschewing the BYOD trend to enforce the use of only corporate-provisioned devices. This might not be an option for every organization, but companies can require that only a certain class of devices be used, and can enforce this requirement through the mobile enrollment program. Any device that doesn’t have the required security posture or has been rooted or jailbroken can be denied access.
For example, organizations can require that only devices that have security built in at both the hardware and software layers be allowed, such as those that support Samsung Knox. Knox provides multiple levels of security for meeting the data protection and security needs of any organization. When Knox Workspace is deployed, independent containers are provided that can separate work and private data, and applications cannot co-mingle. If a device is lost or stolen, or if an employee leaves the organization, data can be remotely wiped from the device, including just the data held in the work container.
In combination with enterprise mobility management tools, strategic security policies can ensure that data is adequately protected. These include the use of strong authentication factors such as iris scanning, encryption, and the blacklisting and whitelisting of applications.
With the number of endpoints proliferating, every organization must ensure that it does everything it can to enforce endpoint security. Although security tools can help with this, mobile security training is also a must in order to ensure that awareness is high regarding new and emerging threats.
Learn more about how your business can combat security risks by checking out the top three mobile security threats here.