KIANEWS Cyber security strategy for mobile devices
16. 04. 2022 Saturday / By: Robert Denes / The key / Exact time: BST / Print this page
A ccording to the Nokia Threat Intelligence Report, 6 million mobile devices are infected with malware worldwide every month. Smartphones and tablets have become an integral part of our daily lives.
The tools make it easier to collaborate, communicate, and access corporate data and thus our lives, which we would have a hard time living today without all of these tools. Security protocols are unlikely to keep pace with the changes associated with digitization, increasing security risk.
According to HMD Global, home of Nokia phones and tablets, there are a number of strategic trends that combine mobility and cybersecurity in hybrid workplaces.
Criminals do not differentiate between small and large companies. According to the Check Point Software 2021 report, 97% of businesses have faced threats to mobile devices, smartphones, tablets or PCs in recent years. By using the same tools both privately and professionally, employees expose their company even more. Attackers use a variety of tools - phishing emails, phishing (phishing in SMS), attacking devices via home or public Wi-Fi, which is usually less secure, exploiting mobile malware with fake apps, or exploiting vulnerabilities in web browsers. As I mentioned to you before, there is nothing impossible but helpless.
While 95% of successful attacks are caused by human negligence, only 31% of employees know that it is a security risk if friends and family use their devices professionally. In addition, “shadow IT,” that is, applications that are not allowed by IT management, cause weak entry points.
Mobile devices and cybersecurity precautions for hybrid workplaces... contain several elements.
1. Rely on mobile devices with security features only
Companies often assume that the lifecycle of the mobile fleet is short, so security updates are performed mostly every 2-3 years when renewed. This approach does not keep the assets adequately protected. The security of mobile devices must always be one step ahead of cybercriminals in their attack strategy. To do this, many companies need to review their strategy. By choosing a manufacturer that provides regular, ideally monthly security updates, companies can better protect their mobile fleets. In addition, up-to-date devices last longer. Companies should therefore only consider manufacturers who guarantee a sustainable upgrade policy for their devices during the purchase process.
In the Netherlands, Android is the most commonly used mobile operating system. Google's "Android Enterprise Recommended" label guarantees that your devices meet Google's stringent hardware and software requirements. By choosing devices with this label, companies can be confident that they are offering reliable mobile devices that receive important security updates and fixes.
2. Central management of devices and security regulations
Enterprise Mobility Management (EMM) solutions provide insight into the entire fleet of mobile phones, smartphones, tablets, and IoT devices, update them centrally, and define policies for what employees can and cannot use. EMM solutions also make it possible to differentiate between private and professional use within a single device, separate private and professional applications, and block applications from unauthorized application platforms.
3. Access and identity management
There are more and more opportunities for cloud attacks, more and more cell phones and connected devices, and more and more information leaks. This offers a number of opportunities for attackers to release legitimate users and hack into business systems. That’s why it’s important to know who has access to what’s within the boundaries of the business. In addition, individuals connected remotely to the corporate network must be able to authenticate. Identity-based security is an effective way to build additional protection.
4. Staff training
Workers are often cited as the weakest link in the safety chain, but they forget that safety is not the most important task for workers. Technology is therefore an important factor in absorbing human error. However, business security can be greatly improved by gradually introducing good practices such as interrogating and reporting non-routine emails and text messages, downloading applications only from well-known platforms, or providing minimal business information on social media sites. Through regular in-company training, the right cyber culture can be gradually mastered among employees and managers.
