Mobile Security Myths – Don’t Fall for Them
Mobility is the name of the game. Mobility is the frontier upon which the enterprise tech battles of the present and future are being fought. It’s estimated that enterprise mobility can help companies get as many as 240 hours of additional productive hours per employee per year. However, all is not well with the enterprise mobility world. At least, that’s what the myth spreaders will want you to believe.
Agreed, there are concrete mobile-specific security risks faced by enterprises. But the question is, at what point does the line between manageable risks and ambiguous myths become blurred? We’re here to demarcate these lines for you. Read on to get an understanding of the most common mobile security myths doing the rounds of cybersphere. More importantly, remember them so that skeptical arguments based on these myths don’t succeed in clouding your vision of enterprise mobility.
Mobile Data Encryption is Not Necessary
Well, a few years ago, when mobile devices were merely used as thin clients. In those times, mobile devices were not exactly meant for heavy data upkeep and transfers, and hence, mobile data encryption was an unnecessary addition to the entire security and maintenance task list. Today, it’s a different scenario.
Field personnel from leading enterprises, for example, use mobile devices all the day to access, edit and approve data. Price lists to customer signature images, media content to spreadsheets – the range of data and content formats used by enterprise employee on their mobiles is vast. Often, when the applications they use for data exchange are cloud-based, the data is encrypted by the application. However, for data exchange across emails and instant messengers, encryption is a must.
Mobile Security Audits are not for everyone
That’s totally untrue. For any enterprise that uses a fair amount of mobile devices in its IT ecosystem, it’s important to take care of mobile security audits. Such audits are ideally conducted biannually, because of the breakneck speed at which mobile technology is advancing. A mobile security audit must encompass:
- All downloads and uploads of data using mobile devices
- Applications logs on mobile devices registered with the enterprise Mobile Data Management (MDM) tools.
- Employee mobile device usage practices while in field
- Security methods and means used in the device
Contrary to popular belief, enterprises need mobile security audits to extract valuable insights about improving the mobile security strategy, instead of depending on MDM tools for the same.
Mobile Devices Are Inherently Less Secure Than Desktops
Well, there’s nothing inherent to mobile devices that make them more vulnerable to information security breaches than desktops. A key difference, however, is that mobile devices are always connected to the Internet. Also, a field personnel’s mobile device will be connected to networks other than the one provided by the company owned SIM card (such as public cafes, partner premise Wi-Fi, etc.). This could compromise the mobile device’s security.
However, because it’s an external factor, we can’t really deem mobile devices as less secure than desktops. In fact, when mobile phones mostly use cloud-based data, they’re actually more secure because all the data protection capabilities of the cloud vendor come to the fore. Desktops, on the other hand, store data in hard disks which are more vulnerable. Also, with mobile devices, it’s easier to manage data remotely in case the device is lost or misplaced, as compared to a PC.
Patching Mobile Devices with Latest Security Releases is Difficult
Patching is recommended as the single most effective best practice to keep malware and ransomware at bay. Patching, in fact, is a key aspect of wholesome enterprise device security strategy for cybersecurity teams.
It’s suggested that patching management on mobile devices is challenging. That’s because these devices are only intermittently available within the enterprise network. Secondly, the number of mobile devices in a mobility-focused enterprise grows so quickly that IT can always find itself chasing lofty patching goals, without actually achieving them.
In reality, IT security teams need to treat the mobile patching issue as a challenge that they need to meet. With centralized patching policies, focus on user education (and hence improving user initiated patching requests), and regular audits, IT can easily cover the extra mile.
BYOD Means Taking it Easy on Security
That’s a common misconception. Because most constraints on user experiences are mostly linked to the enterprise’s security policies, it also leads to users associating ‘ease of use’ and unconstrained user experiences with an assumed stance of relaxation and leniency in terms of IT security. However, the truth is that cybersecurity teams have to work in tandem with the mobility project team so that BYOD can be implemented securely in an enterprise. The flexibility of using one’s own mobile phone for business purposes helps significantly improve user experience, even though that is not linked with any corresponding removal of security provisions.
Allow What’s Necessary, Block The Rest – It Can Work For Mobile Too
Time and again, surveys have showcased how restrictive BYOD practices can be counterproductive to the whole purpose of mobility. At its center is the idea of enabling employees to work from remote locations and not be tied to their office desks to be able to get work done. Now whereas a ‘allow what’s indispensable and block the rest’ security philosophy can be sustained for a structured office desktop environment, the same is not true for mobile devices. Unless there are concrete and known security risks associated with personal mailbox apps, popular games, and IM apps, enterprise security would do well to not block them. At the very least, there must be an easy and quick mechanism for getting applications approved for mobile use.
Enterprise mobility is a key success enabler and productivity enhancer for the modern enterprise. The path to mobility is challenging. IT managers and leaders, hence, need to make sure that common misconceptions and myths are not able to inflate the challenges in any way.
Author: Rahul Sharma