CrowdStrike: Best practices for mobile device security
Article by CrowdStrike A/NZ managing director Brett Raphael
Mobile phones have a huge impact on day-to-day life and on the way people communicate with the world.
With leading mobile messaging platform WhatsApp recently revealing a major security flaw that could let hackers access phones, it's high time to reconsider safety measures for mobile networks.
Even in the corporate world, it’s hard to find an employee today who doesn't use a mobile phone, at the very least to respond to emails.
It’s also common for employees to use their smartphones for other tasks, such as storing and accessing data on shared drives, sharing information on an organisation's internal messaging platforms and editing an urgent presentation during the morning commute.
Given the growing popularity of smartphones as all-in-one computing devices for enterprise work and everyday personal use, it’s no wonder that mobile devices have become so appealing to cybercriminals and hackers, who relentlessly attempt device, network and application attacks to gain an edge.
The workforce is more reliant than ever on business-critical applications, which can access confidential information from multiple devices at any time and anywhere.
Yet security teams lack visibility into mobile threat activity, due to the inadequate, complex and difficult nature of today’s mobile threat defence solutions.
Moreover, mobile platforms have become increasingly popular attack grounds for threat actors using tactics such as malicious apps, phishing and network attacks that involve spoofing IPs or domains.
In addition, data sharing across applications, as well as taking screenshots, increases the risk of accidental data exposure by a trusted user or intentional exfiltration by an insider.
In spite of all these risks, fewer than 10% of organisations globally have purchased a solution for mobile security and threat detection, according to Gartner.
Here are a few measures for organisations to protect their mobile devices against cyber threats.
Endpoint protection is a must
One of the first steps to take with any endpoint protection initiative is to define what is included under the endpoint umbrella.
All items that can connect to the enterprise network to transmit and receive data should be considered endpoints.
Complete and real-time visibility into device activity is the next important step so that the security teams can hunt and investigate based on that data.
Additionally, organisations should have safety measures directly on the network and not just on individual devices.
This ensures that even if an infected device is able to access the network, the malware cannot spread to other endpoints.
This approach not only protects the devices used by staff but also ensures the security of important applications and other resources.
Mobile app shielding
As mobile devices and apps proliferate, organisations are increasingly concerned about the threats that moving to a mobile platform represents.
Security teams want the ability to monitor enterprise application behaviours such as network telemetry data and clipboard events, and they also want to be able to identify risky WiFi and Bluetooth connections.
Dynamic app shielding technology provides enhanced monitoring of third-party enterprise apps, further protecting sensitive corporate data and expanding app behaviour monitoring to include process and data access events.
Using cloud-native technology
Cloud-native technology solutions enable real-time visibility across endpoints and their activities so that security teams can analyse and remediate any vulnerabilities spotted.
Such solutions enable organisations to extend the definition of an endpoint to encompass all kinds of compute devices, such as mobile phones, laptops, desktops, servers, workstations, data centres and cloud, without requiring separate products for different kinds of endpoints.
Create an overarching endpoint security policy
It’s vital for organisations to establish an endpoint security policy for the firm.
This would tie all the company's efforts together and provide best practices for employees, including the use of authentication credentials and other security steps they should take. The policy will also spell out details regarding protection measures the company has in place and what these mean for staff members.
An effective enterprise app behaviour monitoring capability can provide the visibility and telemetry required to identify malicious behaviour, and also provide visibility into insider threats, unauthorised or accidental data exposure, and network spoofing.
These capabilities enable companies' Endpoint Detection and Response (EDR) solutions to view mobile devices, search for events, and easily manage and enrol devices.