In 2004, the National Cyber Security Division under the Department of Homeland Security first conceived of National Cyber security Awareness Month. Every October since then has been used as a time for the U.S. government and participating cyber security firms in the private sectors to raise awareness about the cyber threats facing our daily lives in the 21st century.
What does the mobile threats cape look like?
It’s fitting that October is also the time of year when people in the U.S. celebrate the supernatural, because at the moment, the mobile cyber threat landscape is terrifying. From government agencies to financial institutions, the inclusion of mobile devices in business operations is raising a long list of concerns including the threat of lost or stolen devices, shadow IT, connections to non-secure networks and more.
“Networks are inclusive of everything from smart phones to smart watches and beyond.”
However, enterprise mobility isn’t a trend that businesses are ready or willing to shy away from. The opportunities for return on investment are too substantial to start backpedaling now. Hospitals are using tablets and smart phones to take notes and access patient medical records as they move between wings of a facility, or to remotely track out-patient vitals. Banks and credit unions are starting to offer customers mobile applications that make banking more convenient. Keeping track of mobile and remote endpoints was hard enough when we were just dealing with laptops. Now, business networks are inclusive of everything from smart phones to smart watches and beyond.
Mobile cybersecurity: A checklist
Naturally, mobile endpoint security is a complicated endeavor since there are literally so many moving parts involved. However, there are a few overarching checklist items that organizations must consider as they attempt to mitigate risks associated with mobile devices. Let’s take a look:
- Layout clear company policies for mobile: Whether you’re allowing bring your own device or you’re distributing corporate-owned, personally enabled devices, it’s vital that any mobile endpoint that will be used for work purposes adhere to a well-defined set of boundaries. These need to be official, enforced and implemented across all departments of your organization. End-user awareness is the best defense against targeted threats such as phishing schemes, and it can abate careless user activity.
- Know what endpoints are accessing your network: This is vital to not only ensuring that your employees are adhering to best mobile practices, but also to being able to detect anomalous behavior – be it within the organization, or at the consumer level (i.e., unusual mobile banking activity). At the end of the day, every interaction that a mobile device has with your network is logged and recorded. It’s really just a matter of knowing how to identify suspicious or unusual activity.
- Deploy a mobile management solution: To be fair, there are countless mobile security solutions, and enough initializes (MDM, EMM, MAM, IAM, etc.) representing them to give your CISO or CIO a pounding headache. That said, having a methodology in place to remotely protect lost or stolen endpoints is a vital aspect of incident response. You need to have an awareness of what mobile management solutions are out there, and which ones are necessary to respond to threats in your unique mobile environment.
Are you ready to protect your mobile IT environment?
With so many different types of mobile devices connecting to your network from such a vast array of locations, checking off all three of the above items is a lot easier said than done. There are so many intricacies involved in developing mobile policies, and so many people who have to be included in that process. Threat detection in such a dynamic endpoint ecosystem is sort of like trying to pick misshapen snowflakes out of a blizzard. And with so many different mobile security offerings at play, it’s not always easy for IT managers to make the best use of the funding available to them as they attempt to secure the network.
The best advice we could give you here is this: Don’t try to do it all by yourself. Work with a cyber security partner capable of helping you answer this question: “Am I safe?”