No Hackers. No Dark Web. Just Basic Security Failings
In terms of enterprise mobile security, the Verizon Mobile Security Index 2018 Report finds:
In fact, the massive data breach at credit-reference agency Equifax reported in September 2017 was the result of a litany of errors inside the company. These include the failure to use well-known data security best practices and sub-optimal internal controls, including:
To up the ante on mobile data security in your organisation, you can take the following practical measures:
To mitigate the risk of a mobile data breach, you need to gain full visibility into your users’ devices, apps, and network access with Enterprise Mobility Management (EMM).
Using EMM tools, IT teams can secure mobile devices, applications, and the data on them, and keep security threats at bay. Whether the threat comes from an app, the Internet or an employee losing a device that contains commercially sensitive data, EMM solutions can prevent critical data loss and unauthorised data access.
In fact, EMM forms your first line of defence against enterprise mobility security threats and helps keep customer and corporate data safe.
It’s important to manage the identity of the mobile technology accessing your network and implement strong technologies and automated processes to reduce information loss and reputation risk.
With Mobile Threat Detection your organisation can detect and analyse threats as well as take swift action against them and restore compromised devices to a compliant state. This technology detects and remediates malware, viruses, worms, bots, phishing, and a variety of other cyber threats.
With Mobile Information Security technology, you can set up protocols to ensure the right data can always be accessed by the right people, when and where it is required.
See Mobile Device Management (MDM) as a minimum requirement. This technology prevents unauthorised access to corporate data, helps ensure that mobile devices are compliant with corporate mobile policies, and provides capability to remotely lock and wipe a compromised device.
Mobile Threat Management (MTM) is used to improve your enterprise security protection well beyond the provisions offered by MDM platforms and EMM capability. It further enhances the capabilities of MTD technologies with proven processes to design, build, maintain, manage, support and report on cybersecurity within your business.
With a fully integrated MDM/MTD solution, Automated Alert and Remediation capability enables you to return compromised devices to a compliant state and ensure authorised users have access to the company resources they need, when they need them.
Gaping holes persist in mobile data security management practices across the country despite the Notifiable Data Breach (NDB) legislation in Australia and the General Data Protection Regulation (GDPR) in Europe.
On mobile, it’s all too common for employees to disregard data protection safeguards and take short cuts to stay connected. Stay a step ahead of your users with these practical steps:
It’s essential to use Mobile Device Management technology to mitigate the risk of sensitive information getting into the wrong hands and to satisfy Notifiable Data Breach (NDB) requirements.
Simple steps like adding two-factor authentication to password protection will also help strengthen security, because users must pass two stages of confirmation to access company documents or networks.
Mobile data security starts with the device, and each mobile operating system requires a different approach for hardening the device.
App wrapping is a quick and easy way to securely deploy apps: it segments the app from the rest of the device by encapsulating it in a miniature, managed environment.
Mobile data security is an essential component in any successful business.
Clearly, the business value of implementing strong mobile data security initiatives cannot be overstated as the business cost of handling a data breach can be substantial and long term.
Average cost of a data breach globally = US$3.86 million
2018 Cost of a Data Breach Study sponsored by IBM Security and conducted by Ponemon Institute
For any breach, the cost of identifying, isolating, and resolving the issue even before it has a chance to cause any damage can be significant. Direct costs include:
In Australia alone, penalties for not informing affected parties and the Office of the Australian Information Commissioner (OAIC) of a notifiable breach can amount to fines of $360,000 for individuals and $1.8 million for organisations.
Employees will need to be reassigned from business priorities to handle the fallout of the breach. Plus, there’s the cost of repairing and remediating a company database once it’s been hacked.
High customer turnover
Many existing customers will stop doing business with organisations that have been breached.
Even when financial losses cannot be quantified, many customers and victims will seek monetary compensation.
The true extent to which a mobile data security breach damages your business reputation depends on:
In leading organisations, there’s a strong connection between cybersecurity and the business bottom line.
Studies show that organisations with strong cybersecurity also benefit from improved efficiency, reduced downtime following disruptions, and a stronger brand image. Yet it can be difficult to measure the return on data security investments.
To do so, you need to gauge what your company will save from not having security problems as a result of the investment. This involves estimating the risk exposure and understanding:
Mobile device security has become a critical issue in the enterprise. The cost and consequences of a mobile data security breach extend to:
Whether you prioritise the need to avoid fines for data breaches or to protect your organisation’s reputation or brand, the faster a data breach can be identified and contained, the lower the costs.
It’s also important to remember that as mobile devices now contribute to the majority of internet traffic globally, the potential for data security breaches stemming from mobile devices is likely to rise.
Some of the top threats against mobile devices include:
All businesses need to get serious about incorporating mobile data security practices into their operations. It’s important to identify vulnerabilities in the business, and adopt a security culture to demonstrate the benefits of implementing strong security measures. It’s essential for everyone in your organisation to be aware of the risks associated with mobile data loss and exposure.
While the range and variety of mobile security threats are rising, all too often it’s employees who create the weakest link when it comes to enterprise mobile security. In cafes, hotels and airports, employees invariably prioritise convenience over security and use a Wi-Fi hotspot even when there’s no guarantee it’s fully secure. If they are using their own devices, they may neglect to update the operating system to the latest version, which means they don’t have the latest security patches installed.
48% of employees sacrifice mobile security for the sake of speed and efficiency. Verizon Mobile Security Index 2019
According to Verizon’s Mobile Security Index 2019, 81% of organisations point to employees as their biggest mobile security risk. To mitigate this risk, businesses need to implement actionable solutions and enforceable security policies, including:
Update company policies to protect business travellers from both malicious and inadvertent mobile data security breaches.
Multi-factor authentication provides an extra layer of security for users accessing company apps, tools, and data. Users are required to prove their identities using two or more verification methods before they can be authenticated.
If your company employs a BYOD (Bring Your Own Device) policy, make sure each device has a firewall and antivirus software installed on it. It’s also good practice to restrict employees from being able to connect unknown external hardware, such as portable USB flash drives, to any company device.
Enterprises use VPNs to ensure secure connections for remote workers. A VPN acts as a middleman between a device and the internet: the website interacts with the VPN server, which communicates with the device. Since the traffic between the device and the VPN server is encrypted, others on the same network, such as an untrusted Wi-Fi hotspot, cannot see what data is shared online. By not requiring a VPN, enterprises are more vulnerable to security risks.
To ensure employees understand the importance of cybersecurity, in and out of the office, it’s essential for IT and other leaders to drive home the significance of data privacy and protection. Employees must be able to understand why it’s important, how it can impact them, and what steps they must follow to prevent a breach. Your people need to be comfortable recognising and reporting threats.