If recent events have taught us anything, it’s that when it comes to organizations handling data, consumer distrust is at an all-time high. End users have become increasingly wary of where their data goes, how it’s being used and who can access it. Although Facebook’s data privacy policies may be dominating the current headlines, data protection is a global issue for companies of all sizes, and one that should not be taken lightly.
In an attempt to tighten data regulations across Europe, the EU has made amendments to the General Data Protection Regulations (GDPR), which will overhaul how businesses process and handle customer data. With the majority of traffic now occurring on mobile, IT teams have every right to be concerned about how their corporate devices are secured.
Here are four reasons why organizations should implement a mobile-first security strategy ahead of the May 25 regulation changes.
1. Attackers have a higher success rate on mobile
Phishing is commonly accepted as the number one threat to enterprise data. The issue is so widespread that the number of phishing attacks is doubling year on year, with a new mobile phishing site being created every 30 seconds.
Why is this number so high? Well, it works. Research shows that 90% of breaches last year started with a “phish” and users are three times more likely to fall for phishing on mobile than on desktop. Mobile is a preferred vehicle of attack for a variety of reasons: the smaller screen size means that it’s harder to inspect suspicious-looking URLs, and the on-the-go nature of the device encourages users to act less cautiously. With more chances of getting their hands on your PII, it’s no surprise that malicious actors are crafting their attacks for mobile.
2. Organizations lack visibility across device fleets
Although some firms make use of Enterprise Mobility Management (EMM) tools to administer application usage on corporate-owned devices, this level of security leaves gaps when it comes to preventing data leaks.
When the new GDPR regulations come into effect, enterprises will be held accountable for any device that is able to retrieve ANY customer data, whether it be an internally configured laptop or a BYOD mobile device. The only way to prevent an attack on a mobile device is to invest in a security solution that affords full visibility, ensuring that if an employee does install a piece of malicious software, the organization is aware that this installation took place and can intercept traffic to any malicious third parties.
3. Mobile vulnerabilities can be easily exploited
Vulnerabilities are known as the ‘lurking culprits’ within your mobile fleet. You would likely never know they were there until one was specifically exploited. These weak points are flaws in operating systems that third parties exploit in order to gain access to devices and the valuable data they contain – through MiTM (man-in-the-middle) attacks, or other exploits. Wandera’s unique Wi-Fi security research revealed that 4% of devices within the average 100-device firm will be subjected to a MiTM attack each month.
The research also uncovered that the average corporate-owned mobile device connects to 12 different Wi-Fi networks a day, leaving these devices incredibly vulnerable. Every cafe, shop, gym, restaurant etc. offers open Wi-Fi connectivity to its customers – often with no security, encryption or privacy.
While one strategy might be to sit and wait for breaches to happen, a smarter approach is to identify potential exposures before they are exploited. Investing in a robust security solution that gives organizations the ability to detect risky configurations and other vulnerabilities in their devices can help prevent data from being leaked.
4. Corporate devices are used like personal devices
Many enterprises rely on mobile devices to aid flexibility and productivity within their organizations; however, few are able to monitor what content employees access when they’re not connected to the office network. Having devices in your IT infrastructure that can access all corners of the internet introduces risk to your business.
Wandera research discovered that adult and gambling content categories are far more likely to leak data, employ unencrypted technologies and otherwise expose organizations to risk. Hundreds of the apps installed on corporate devices may, whether by accident or by malicious design, transmit sensitive data without encryption, posing a serious risk to the enterprise. Understanding and blocking the apps that are exposing data is critical to minimizing the chances of your next breach.