Reduce Business Security Risks via Effective Mobile Security Management
By Abdul Moiz Executive Director
Today, businesses know that they have globally dispersed partners, distributors, and even customers. To keep up pace with the changing conditions of how business is conducted today, more and more organizations are rapidly adopting innovative mobile applications. The use of mobile devices for business purposes is transforming the company’s business capabilities as mobile presence is critical for businesses to attract, retain and communicate with customers and partners.
With the rise in the use of mobile devices for both personal as well as business purposes, there has been an exponential growth in the number of well-organized cyber-crimes and independent hacks. You must, therefore, understand the relevance of identifying and combatting mobile device vulnerabilities and the business security threats involved in it.
Understand, identify and combat mobile device vulnerabilities and business security threats involved in Mobile Security management.
More and more employees are accessing corporate resources from almost anywhere. Getting things done on the go has become more of a necessity than an option. With the increasing practice of Bring-Your-Own-Device (BYOD), organizations now need to create mobile applications that can be supported on multiple mobile platforms.
With this increased mobility, efficiency and accessibility, there is a rise in mobile security threats and the need for improved business risk management. Organizations need to identify mobile device vulnerabilities and ensure that data, applications and infrastructure are secured to mitigate any kind of business security threats.
Now, more than ever, organizations must be diligent and focus on mobile security to help reduce risks to the company’s intellectual property, proprietary data brand, and market position. In addition to risks posed to businesses, these mobile devices also make their customer data vulnerable.
Mobile devices increase the potential for breach of sensitive data. Organizations need to fight mobile security threats posed through mobile malware, lost or stolen devices, and web-based threats. Read the full story to find out the security threats from mobile device that your business faces and more…
Mobile Security Threats to Business
There has been a significant rise in malware attacks and security breaches on mobile device platforms. Now-a-days, there is greater threat to a third-party while tracking locations, devices, and even capturing data. On a broader level, mobile security threats that affect businesses can be categorized under the following three categories:
Mobile Web-based Threats
Many organizations today choose not to create native applications, taking into account the inherently associated security risks. Such organizations then choose to deliver online services via web-based applications. However, if these web-based applications are accessed on the mobile – they are susceptible to security threats such as cookie stealing, browser exploits, phishing scams, drive-by downloads, and many more risks that are applicable to mobile devices.
Mobile Device-based Threats
Mobile devices face a major security threat that exposes them to all kinds of cyber-attacks and dangers when users download rogue applications from untrusted sources and install such unapproved applications.
Native Application-based Threats
Mobile devices also face security threat from native applications that the users may download and install from several trusted or untrusted sources. The security threats and risks from such native applications can be categorized as:
- Malicious software or malware that provides a backdoor entry to the attacker to execute unwanted actions
- Penetrable mobile applications that may be tampered to contain code flaws to be used for fraudulent purposes
- Threats pertaining to data privacy, where a spyware or even a legitimate application collects user’s sensitive data and information to carry out a financial dupery or identity theft.
Measuring Mobile Security Risk
You can measure your mobile security risk based on four categories:
Device Risk
This category measures the risk to mobile security from the perspective of risk posed directly to mobile devices. Some of the most common risks to mobile devices when they are used are:
- Distorted Short Message Service (SMS) messages that may cause your mobile devices to crash
- Improper detection and authorization of USB devices
- Unique susceptibilities and offsetting controls that the operating system of each mobile device inherently possesses
- Trojans, viruses, worms, or other PDA-specific malware
- Loss, damage or theft of device
- Financial losses caused owing to interruption and driving up service costs due to spam aimed toward mobile devices
- Use of the mobile devices as proxy to establish a virtual connection to an internal network by an attacker
- Improper deletion of files that can be restored on memory devices
Malware Risk
This category measures the risk to mobile security from the perspective of malware risk to the mobile devices. Some of the most common malware issues and risks to mobile devices are:
- A malware known as ‘Blue Bug’ is a common risk to mobile devices. A ‘Blue Bug’ gives full access to the command set by creating a serial profile connection to a mobile device.
- A common malware associated with Blackberry devices is ‘Blackjacking’. ‘Blackjacking’ provides hacking into an enterprise system using a Blackberry. This malware can seriously hamper mobile security as typical security products are unable to inspect the communications channel between the Blackberry server and the handheld device, which is encrypted.
- A malware known as ‘SNARF’ will attack and allow access to stored data portions of the mobile device without the owner’s knowledge.
- A malware that targets the Bluetooth capability of your mobile devices is ‘Bluejacking’. ‘Bluejacking’ provides access to and use of your device’s Bluetooth pairing protocol. It inserts a command message in the “name” field. All data on your mobile device becomes available to the perpetrator in case the Bluetooth pairing and information exchange handshake is successful.
- Another malware that targets the Bluetooth capability of your mobile devices is ‘Backdoor’. However, the ‘Backdoor’ malware works only between mobile devices in a “trusted relationship”. Using this malware, a perpetrator can attack and create a Bluetooth pairing with a mobile device in a “trusted relationship”. However, due to the malware, the connection between the two devices remains intact, even when the relationship is unpaired.
Sensitive Data Access Risk
This category measures the risk to mobile security from the perspective of access to sensitive data and thereafter, potential leak of this sensitive data by the mobile devices. Some of the most common ways through which sensitive data can leak through mobile devices are:
- Loss or leakage of data due to small footprint and portability of the mobile device
- Leakage and exposure of critical sensitive data through wireless intruders who may capture e-mail addresses and attached data, if security is insufficient
- Stealing of sensitive data by hackers, intruders, etc.
- Fraud that may occur through remote access or copying large volumes of sensitive data.
Network Security Risk
This category measures the risk to mobile security from the perspective of risks posed to the network by mobile devices. Some of the most common network security issues due to the mobile devices are:
- The communication occurring between the mobile devices on a network can be easily impersonated, re-routed, intercepted, or piggybacked from any location
- Another common threat posed to the network by such mobile devices is when requesting and receiving application service on demand, wherever one is located, or ad hoc service provisioning is carried out
- A security problem can occur due to lack of integration with evolving WAN network security solutions
- A security risk occurs as your organization’s traditional firewall and VPN security systems tend to fall short for wireless mobile devices
- Risks may be posed when you do not take diligent care to secure the end points of connections, rather than just ensuring encrypted remote connections
- An unclear and blurred network perimeter may cause the boundary between the “public and usually provider-managed” and the “private and locally managed and owned” side of a network to be less clear
- Another common risk is posed to the network because e-mail and other communications are encrypted only from phone to phone, or mobile device to server, and beyond that point, e-mail, file transfers, and instant messages may be transferred unencrypted over the public internet.
Critical Focus Areas to Improve Mobile Security
Some of the critical areas that you should take into consideration and focus on to improve mobile security are as follows:
- Identify the risks/threats posed to business transactions on the mobile devices
- Identify up and down stream connections to each network segment such as cloud storage, network drives, SharePoint sites, data servers, intranet/extranet sites, etc.
- Have a detailed description of the type of company data that can be stored on a mobile device
- Know the type and management of access control technologies that are in place, such as Active Directory and LDAP
- List all the resident applications on the BYOD that will be allowed access to corporate data and servers
- Know the type of network architectures that are in place for wireless LAN and Wi-Fi
- Control the user access rights to applications and servers
- Have a detailed description of the manner in which mobile devices connect to the network
- Keep a track of what, from where, to which device and by what means is the data being transferred
- Be aware of the ways in which your organization’s employees access the network internally and remotely, such as through VPN, virtualization, etc.
- Document all the risks, threats, tips and steps to protect mobile devices
- Have a proper policy that identifies the types of devices that will be allowed in the official BYOD program
- Create detailed processes, guidelines, and instructions to employees to report a lost or missing mobile device so that it can be remotely disabled
- Identify your network’s current endpoints such as desktops, servers, data centers, and laptops
- Manage and keep track of the BYOD users, their BYOD uses, and job functions
- Assess and identify the content and data that has to be treated as confidential and classified
- Assess and identify the appropriate “risk of loss” value, when loss of ‘classified’ data takes place.
Also Read: IoT: How Secure are You With the Internet of Things? Externetworks
Elements for Effective Mobile Security Management
In today’s dynamic world, it becomes convenient to use mobile devices, such as smartphones or tablets, for business purposes. Hence, it is imperative that mobile device security should be enhanced and kept optimal to ensure the safety of your business transactions on such mobile devices.
You should keep in mind and take care of the following key elements to ensure the security of your mobile devices:
- Use appropriate and effective anti-virus and anti-malware software
- Ensure proper encryption for maximum e-mail security
- Keep the use of certain devices restricted to business purposes and avoid using these devices for your personal use to avoid accessing websites, networks, applications that may pose a security risk
- Make sure that you store your sensitive data in a secure location and not on your mobile devices
- Ascertain proper user authentication before access is granted to certain business applications and portals
- Take diligent care of your network perimeter and transmission security
- Ensure that proper data encryption is carried out before it gets transmitted across mobile devices
- Disable automatic Wi-Fi and Bluetooth connections that grant unrestricted access to anyone trying to connect their mobile devices through them
- Make sure that you have proper access control over the use of mobile devices from any location. This is because when such mobile devices are used in public places, they can pose great risks such as probing, data loss, device loss, and downloading of data by unauthorized people
- Make sure that effective intrusion prevention mechanisms are in place to avoid misuse of mobile devices
- Have efficient administrative standards and infrastructure in place to ensure maximum security to mobile devices.
Ask the Expert:
ExterNetworks is a single source provider for end-to-end Managed Wireless and Mobility Solutions to address your mobile device management challenges. ExterNetworks seamlessly delivers Mobility Solutions for a broad range of applications, technologies and enterprises by providing you access to experienced resources with specialized skills. We assist you in mobilizing your business rapidly by reducing complexity, time to set-up, and infrastructure costs. You can rely on our broad industry expertise to benefit from a faster time-to-market, increased value, diminished risk, and much more. We implement and deploy your mobility solution that has augmented security and controls, while our advanced reporting tools provide you a comprehensive report for operational visibility.