It is not surprising that more and more enterprises are looking for ways to gain granular control over their mobile estates. Typical security advice is too high-level to be of practical use.
In Wandera’s recent analysis of mobile security, data usage, trends and traffic patterns across its global network of enterprise mobile devices, it identified three of the most important areas to look at to proactively protect a mobile estate.
Fundamentally, it begins with gaining insight into what devices are being used and where, what sites they are visiting and how, and when and how they are connecting to the internet.
These basic questions will first of all give organisations an idea of how their employees are using their devices, and the intelligence to begin practical protection and effective end-user education.
It’s important to be aware of the strengths and weaknesses of different devices. If an organisation lets its employees bring their own devices (BYOD) or choose their own devices (CYOD), it needs to be aware of the vulnerabilities of each handset.
For example, Wandera’s research showed five times more instances of app password leaks on Samsung devices than on iPhones, highlighting the fragmentation of Android app stores.
In order to tackle this issue, businesses using Samsung devices need to take extra steps to make sure their employees’ devices are kept up-to-date with software updates; that they do not download clones of popular apps; that they use only legitimate app stores; and that they read all the relevant app permissions.
In the case of Apple devices, access to malware and spam is actually twice as prevalent on iPhones as on Samsung devices. The key to keeping any device secure is recognising what each employee’s device is susceptible to given the manner of its individual use.
2. Exploiting connections
The next step is to know how devices are connecting to the internet. There is an increasing concern and focus on the traffic crossing Wi-Fi networks on employee-owned smartphones and tablets.
Every minute that Wi-Fi is enabled but not connected on an employee’s smartphone, the device attempts to re-join learned Wi-Fi networks and, in doing so, broadcasts details of every Wi-Fi network that it has previously joined, regardless of whether that network has encryption or not.
This information is relatively easy to access and can reveal a lot about the person concerned, such as which coffee shops they visit, which gym they work out at or which airports they’ve been to.
Public Wi-Fi networks present a further threat because devices can connect to them automatically without any user interaction, and hackers exploit this always-on connectivity by crafting rogue hotspots.
Once an employee is connected to a rogue hotspot, a hacker can transparently view, intercept and change data flowing to and from the device’s browser and apps. Even in instances where traffic is encrypted, hackers can spoof certificates to enact man-in-the-middle (MitM) attacks on sensitive data such as Exchange email traffic.
However, if informed, employees can take simple steps to protect themselves by turning off Wi-Fi, regularly resetting network settings, and avoiding open or free public networks.
3. HTTPS and browser malware
Browser threats on mobile devices are commonly ignored by the mobile security community. The browser is the weakest link and a vector for the next growth phase of mobile malware.
Wandera’s analysis showed that the malware sites most visited by its customers’ devices are all on a .ru domain name, such as darangi.ru and molotman.ru. These are often pornographic sites and necessitate caution.
But the good news is that the use of HTTPS – the secure network protocol – is on the rise, reaching 46% for browser traffic (an increase of 7% in 12 months) and 61% for app traffic (an increase of 9%). Employees need to understand and use HTTPS wherever possible to avoid needless exposure to threats.
CISOs need to seriously consider implementing real-time security services for their mobile devices, but, above all, effective protection begins with user education. Security training and education has to be informed and practical.
This requires real-time analytics and granular insight into data at both the admin and end-user level, so that activity on the device and in the data stream can be understood.
Without correct real-time information, organisations are effectively flying blind, lacking a true understanding of the threats their employees, business and data are facing.
Sourced from Eldar Tuvey, CEO, Wandera