Mobile Security Often Overlooked - Softrams

  • Press
  • Security

Yusuf Richardson
October 30, 2021 400 views

A protected mobile deters any type of data theft or attack.

Mobile Device Security

Cloud and mobile devices have changed our day-to-day work experience. Mobile device use is now a part of the business culture for today’s society. Employees want access to corporate applications and sensitive data at any given time or location.  Whether it is Bring Your Own Device (BYOD), Choose Your Own Device (CYOD), or Corporate-owned Personal Equipment (COPE), the mobile device infrastructure is implemented in almost every organization.

Due to the extensive usage of mobile devices in today’s work environment, the risk of data theft has risen enormously. Threats such as newly discovered mobile malware are spreading via SMS messaging in the U.S. and Canada, using lures about COVID-19 boosters and regulations. The site tells users they need an “Adobe Flash update.” If they click on the subsequent dialog boxes, TangleBot malware installs.

With most business PCs now mobile, portable devices present distinct challenges to network and data security.  Between malicious hackers and inexperienced users, mobile devices are vulnerable to a broad spectrum of attacks.  Potential threats to devices include malicious mobile apps, phishing scams, data leakage, spyware, and unsecured Wi-Fi networks.  Businesses also should account for the possibility of an employee losing a mobile device or the device is stolen. To avoid a security breach, companies should make clear, preventative steps to reduce the risk.

Securing mobile devices requires a multi-layered approach and investment in enterprise solutions. While there are crucial elements to mobile device security, each organization needs to find what best fits its network.

 

The following are some best mobile device security practices:

 

  1. Establish, share, and enforce clear policies and processes

Mobile device policies are only as efficient as the organization’s ability to correctly communicate those rules to employees. Mobile device security is precise and understandable.  Various stakeholders should document business device standards, and users should provide their signatures to acknowledge compliance.

 

  1. Password protection

One of the most basic ways to prevent unauthorized access to a mobile device is to create a strong password.  A common security problem is employees using the same password for their mobile devices, email, and work-related accounts. Employees must create strong, unique passwords and create different passwords for different accounts.  Password should be no less than eight characters and contain at least one unique character, numeric symbol, and capital letter.

 

  1. Leverage biometrics

Instead of relying only on traditional methods of mobile access security, such as passwords, some organizations are looking to biometrics as a safer option.  A computer uses measurable biological characteristics, such as face recognition, fingerprint, voice, or iris recognition for identification and access.

 

  1. Avoid public Wi-Fi

Mobile devices are only as secure as the network through which it transmits data. Organizations are required to educate employees about the dangers of using public Wi-Fi networks, which are vulnerable to attacks and can easily breach a device, access the network, and compromise data. The best defense is to encourage intelligent user behavior and prohibit open Wi-Fi networks, no matter the convenience.

 

  1. Beware of apps

Malicious applications are the fastest-growing threats to mobile devices. When an employee unknowingly downloads one, either for work or personal reasons, it provides unauthorized access to the organization’s network and data. Further reducing this rising threat impacting businesses, businesses can instruct employees about the dangers of downloading unapproved apps or ban employees from downloading certain apps.

 

  1. Mobile device encryption

Most mobile devices are bundled with a built-in encryption feature. Users need to locate this feature on their devices and enter a password to encrypt their devices. With this method, data is converted into a code that authorized users can only access.

 

  1. Virtual Private Network

Utilize a virtual private network (VPN) if possible. A VPN extends a private network across a public network. A VPN enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. VPNs’ encryption technology allows remote users and branch offices to access corporate applications and resources securely.

Mobile devices and their data security are based on personal configuration, device platform, cloud-based 3rd party services, and web services. Individuals who utilize their devices to access sensitive company data must continuously educate themselves on potential threats and security practices to adequately secure mobile devices.  Organizations should perform a detailed analysis of risks against all possible known security threats for mobile applications and use findings to form a secure strategy.  In addition, continuous information awareness programs should be adopted by all organizations utilizing mobile devices for business use.



More Stories

  • Team members working together

    Building an Angular UX Framework

    Brett Mayen
    March 22, 2021

    Through the case study lens of the Softrams-built Health Plan Management System (HPMS) UX Framework, we will discuss the process of building and maintaining an Angular UX Framework and deploying its libraries to NPM.

  • DaaS (DevOps as a Service) – Part 1

    Joshua Seidel
    August 11, 2021

    IaC is a key DevOps practice and is used concurrently with continuous delivery. This blog covers the top three tools, Terraform, CloudFormation, and Ansible that fall under IaC for AWS.

  • Supply Chain Attack – SolarWinds

    Bill Jones
    January 28, 2021

    In December 2020, CISA announced an “Active Exploitation of SolarWinds Software”. The CISA announcement includes a link to the FireEye Advisory uncovering the supply chain attack that compromised multiple global victims with the SUNBURST backdoor.