Nearly every enterprise these days has a critical component of their work environment powered by mobile devices. Indeed, we estimate that well in excess of 50% of workers employed mobile apps as part of their work before the current pandemic hit, and we estimate that has now increased to greater than 85% of users who work from home at least part time. With the critical nature of mobile in not only large businesses but smaller organizations as well, it’s imperative that companies maintain a secure posture for their devices and user apps. But are they doing so? Not so much…
In its recent Mobile Security Index for 2020, Verizon found that an alarming 43% of companies had sacrificed security to get their mobile solutions deployed, while 39% admitted to having had a security breach that impacted their business (an increase from 33% in 2019). And while in the past many companies would say they may have sacrificed security due to lack of resources (funds, expertise), Verizon found that 62% said they compromised security for the sake of expediency, while 52% did so for convenience and 46% did so to maintain or increase profitability. Only 27% and 26% respectively compromised security for lack of budget and lack of expertise.
This is truly an appalling set of statistics. It’s highly unlikely that any organization would have done this poor a job of security if it were related to traditional PC and/or server environments. Further, no company would be paying for a SaaS application or cloud installation if they were given similar statistics from their provider. What’s all the more alarming is that, with work from home now so prevalent, the number and usage of mobile apps have increased dramatically, making this even more of a problem, as the percentage of security breaches will likely continue to increase as well.
Our research shows that a typical mobile security breach in a large organization can cost millions of dollars. And the ultimate cost is increasing with more and more regulatory penalties being brought to bear by both local and federal laws (in fact, in Verizon’s report, 29% said they suffered a regulatory penalty as a result of a security breach). But the less easily measured monetary-specific impacts are equally penalizing, as any security breach will result in user downtime and increased IT workload, data loss or compromise, potential compromise of other devices through cross-infection, and loss of business and/or reputational damage.
First and foremost, companies must take an inventory of the number of mobile devices being used, the specific apps deployed for use, and the connection methodology that allows users access to corporate systems. You can’t fix a problem that you don’t know about, and few companies today do an actual inventory of all the mobile systems in use.
There are tools to help with this task (e.g., Unified Endpoint Management, or UEM, can provide logging/discovery capability), but not all companies have such tools in place, even though they should. If you don’t already have one, there are several UEM tools available as a service that can be employed (e.g., BlackBerry, Citrix, Microsoft, MobileIron, VMware).
Mobile security can be a daunting task with many potential pitfalls to protect against. Knowing the key security exposure mechanisms can help you determine the best approach to security for your mobile users. Here are several areas that you should be concentrating on.
The above is clearly not an all-inclusive list of potential security threats, but is a good start to securing your mobile users. Mobile devices can be powerful productivity tools for users, especially in the current remote work environment, but organizations need to take steps to educate users on best practices and deploy necessary tools and infrastructure to secure those devices. Failure to do so will expose companies to potential malware, data breaches and significant penalties. Make sure your organization takes the required steps, and don’t expose your organization for the sake of expediency.