Author: Phil Muncaster
Date published: July 24, 2024
Mobile devices can play a key role in supporting employee productivity and maintaining work-life balance. But just as they offer users a route to access key corporate data and systems while out of the office, they could also provide the same pathway to nefarious actors. The challenge for organizations is finding the right balance between enterprise mobile device security and end-user productivity.
Mobile devices have helped to change how the world works. Whether they're corporate-owned or bring your own device (BYOD), smartphones can help support the "work-from-anywhere-and-anytime" mindset that hybrid working policies often demand. But this intersection between humans and technology can also create risk that mobile enterprise security teams need to manage.
As outlined in Verizon's 2023 Mobile Security Index (MSI) report, the main threats stem from:
One of the biggest mobile enterprise security risks is human-shaped. Three-quarters (74%) of all breaches involve the human element, according to the Verizon 2023 Data Breach Investigations Report.[1] Cybercriminals can use the smaller screens, hidden URLs and simplified interfaces of the mobile device to their advantage. And users are often distracted when using their smartphone. That's why the average user is six to ten times more likely to fall for SMS or text-based phishing attacks (also known as smishing).
Employees might be more likely to disobey corporate security policies when out of the office. According to one study in the Harvard Business Review, 67% of remote workers reported failing at least once to fully adhere to cybersecurity policies. On average, the study found that one in every 20 cybersecurity policies was not complied with.
One survey found dangerous internet practices are widespread, with 80% of public Wi-Fi users not protecting their devices and 84% of internet users having unsafe password practices (such as using personal information).
The very nature of how mobile devices operate generates several threats to enterprise networks:
Convenience: Mobile devices are highly portable, making it more likely they'll be lost or stolen. Fortunately, this risk is relatively easy to mitigate with remote lock/wiping functionality.
Connectivity: Devices can connect to any number of networks when their users are on the road. According to Lookout, 92% of remote employees perform work tasks on their personal devices. Using public Wi-Fi can also lead to compromise, particularly if as many as 80% of public Wi-Fi users do not protect their devices.
Lack of enterprise control: Organizations often have less visibility over mobile devices than traditional fixed corporate assets. Almost a third (32%) of hybrid workers use apps or software not approved by IT, according to Lookout.
Cybercriminals are always devising new ways to circumvent enterprise security for mobile devices. Telephone-oriented attack delivery (TOAD) blends smishing and vishing (voice-based social engineering) to make attacks more successful.
If your organization is facing some or all of these mobile enterprise security challenges, it's time to find a set of solutions that balance robust security with a seamless user experience. Fortunately, as the MSI notes, there are plenty of enterprise mobile device security options. Consider the following steps:
Regular training sessions, held in bite-sized chunks of 10 to 15 minutes, can educate employees about the importance of mobile security and change behaviors for the better. The goal is to turn them from a weak link into a formidable last line of defense against mobile threats.
Updated policies can take account of user productivity needs without compromising on security. For example, multi-factor authentication (MFA) can help minimize the impact of phishing without disrupting user workflows. However, MFA can provide a false sense of security, and MFA spamming attacks can take advantage of user fatigue.[2] Requiring users to respond to MFA notifications by inputting a code can address this issue.
A zero-trust approach to security can help mitigate risk across the distributed mobile environment. It's about continuous authentication for all users and devices, combined with network monitoring and segmentation, and other controls. Verizon offers various options for enterprises, including Zero Trust Dynamic Access and SASE Management.
Mobile device management (MDM) is a useful way for your IT department to gain visibility and control over end-user devices. Verizon Mobile Device Management delivers remote enforcement and management of security policies, device diagnostics and remote lock/wipe functionality.
Mobile threat defense (MTD) delivers protection against device, network, application and phishing attacks. It can be used in combination with MDM to enhance enterprise mobility security management.
Fixed wireless access (FWA) is wireless technology that enables fixed broadband access using 5G or 4G LTE radio frequencies instead of cables. If your company provides an LTE or 5G broadband solution to employees, it could enhance IT control while potentially reducing back-end admin costs, and even help improve reliability for the end user.
To gain more insight into the mobile threat landscape, check out Verizon's latest MSI report.
The author of this content is a paid contributor for Verizon.
[1] Verizon, 2023 Data Breach Investigations Report, page 8.
[2] Verizon, 2023 Mobile Security Index, page 8.