Most people—83%—think their organization is at risk from mobile threats, according to Verizon’s Mobile Security Index 2019 report.
Mobile threats are growing more quickly than other threats—especially in financial services, which is the least confident about mobile security, as well as the most likely industry to cut corners.
Data loss isn’t the only issue companies face from mobile threats. They may also suffer downtime, have other devices compromised, or experience all three.
Businesses looking to improve their mobile security can follow Verizon’s four-step process.
1. Assess
The first step in protecting your business is understanding what devices and data your organization has, who can access those devices and data, and what threats are out there.
For instance, the survey respondents said organizations were most concerned about employee-owned devices. Here’s why.
- Devices - Devices themselves can be stolen. In fact, Kensington found that 23% of businesses experienced IT theft.
- Content - Some employees access content typically frowned upon in the workplace, such as adult entertainment, extreme/illegal content, or gaming or gambling services.
- Permissions - Many apps allow access to a device’s microphone, calendar, contacts, location, and cameras/photos.
None of these threats even factor in the typical cybersecurity threats we usually talk about, such as malware, ransomware, and phishing (aka business email compromise).
2. Protect
Shield your data from emerging mobile threats.
Some examples of data protection measures include:
- Passwords - Draft a policy and verify adherence. Then, put your passwords to the test. Use a tool like LastPass to help you and your employees understand which passwords are compromised, weak, or reused. Password managers also help you change old passwords to be newer and stronger.
- Unified endpoint management - Preconfigure devices with approved apps, and set limits on what can be added to a company’s app store.
- BYOD - Draft a policy for employees who “bring your own device,” including responsibilities the employees assume when they BYOD.
3. Detect
Reduce how vulnerable your mobile security is by speeding up response time.
Implement mobile threat detection software to scan your system and devices. Plus, protect employee collaboration by deploying secure productivity apps.
Finally, develop a policy around IoT devices so they can be visible and managed. After all, thousands of these devices are likely on your network in the form of shadow IoT.
4. Respond
Once threats are detected, they must be remediated so that operations can recover quickly.
Examples of responses include:
- Creating an incident response plan.
- Locking down private information.
- Isolating infected, lost, or stolen devices.
- Implementing a system to send push messaging so people can know what to do if an incident arises.
- Perform regular response exercises.
- Automate corrective actions.
With a majority of organizations thought to be at risk for mobile threats, you can take a number of actions to mitigate those risks. Start by taking a look at more of Verizon’s recommendations listed in this report, and consider whether a partner could help you improve mobile security.