This content is part of the Essential Guide: An IT security strategy guide for CIOs

IT battles the top three mobile security threats

These common mobile security threats are rapidly growing due to user negligence, and because IT doesn't always know the best ways to combat them.

Mobile security threats are on the rise, and it's up to IT pros to keep up with the best ways to protect their organizations' data.

Threats such as mobile malware are increasingly common, and best practices to combat them are evolving, said Doug Grosfield, president and CEO of Five Nines IT Solutions, an IT consultancy in Kitchener, Ont.

"The number of threats is growing, but so is the number of ways to protect yourself," Grosfield said. "It's about staying educated to stay protected."

In addition to malware, data leakage and the threats from user error have grown more common in the mobile era. Many businesses fall short in their approaches to warding off these potential risks.

Mobile malware

IT has allowed mobile malware to become a rapidly growing threat by not properly addressing it, Grosfield said.

Some companies try to combat mobile malware with the same technologies used on desktop PCs, such as antivirus software. But mobile malware is a different ballgame. It often comes from users downloading compromised apps that have made their way into Apple's App Store or the Google Play store. 

More than 95% of businesses have no protection against mobile malware, according to a report from enterprise mobility management vendor MobileIron, which aggregates data from its customers.

App reputation and mobile threat prevention platforms from companies such as Appthority, FireEye, Check Point Software Technologies and others can help protect against faulty or malicious app store apps. Those tools identify which apps have malware and allow IT to automatically quarantine devices that download them.

Cloud data leakage

The growth of cloud-based storage and file-sync applications has increased the potential for data leakage. Employees may store or share corporate content on consumer versions of tools such as Dropbox, Google Drive and Microsoft OneDrive, which can lead to data loss and may not comply with an organization's security and regulatory policies.

But data leakage is addressable, said Robby Hill, founder and CEO of HillSouth, an IT consultancy in Florence, S.C. Many IT departments combat cloud data leakage by blacklisting apps they don't want employees to use.


"It's harder to stop a person who is intent on taking information, but you can mitigate the accidental scenarios," Hill said. "Create some hurdles to make it harder for it to happen."

But adding roadblocks only forces employees to find workarounds to get their jobs done, said Jack Gold, principal and founder of J. Gold Associates, a mobile analyst firm in Northborough, Mass.

"Blacklisting apps doesn't solve the issue," he said. "With every app you block, the employee will find three others to use." 

Of the top 10 blacklisted apps in corporate IT, five are cloud file-sharing applications, according to the MobileIron report. IT is better served by approving apps that employees are allowed to use, Gold said. It's important to include some alternatives to unsecured email and file-sharing platforms. For example, IT can ban users from sharing corporate documents over personal email accounts, such as Gmail, but it might approve the enterprise versions of Box or Dropbox.

"The bottom line is to get the users on your side by solving their needs, so they don't look to get around your roadblocks," Gold said.

User error

Many employees put their organizations at risk by ignoring security measures IT puts in place, or even losing their devices.

Unsecured devices are an all-too-common problem, Grosfield said.

"You could walk through a crowded coffee shop or airport lounge and pick up half a dozen smartphones that don't have a screen lock, or are not encrypted and have access to their corporate data, email apps and [virtual private network] clients," he said. "Many people are still failing to protect their devices by leaving the door wide open."

In some cases, employees remove the PINs from their devices, or try to remove IT's mobility management software. In these scenarios, IT can quarantine a device, restricting the employee's access to corporate content until the device is back in compliance. When a device is lost, IT can perform a remote wipe of the work container, or the entire device, to protect corporate data.

Twenty-two percent of enterprise customers had users who removed PINs from their phones, and 33% of companies experienced lost or stolen devices, according to the MobileIron report. It's important to reinforce policies that prevent employees from bypassing security measures in the first place. With these three mobile security threats in mind, organizations can better prepare for securing corporate content, while still enabling mobile workers.


Join the conversation


What are the biggest mobile threats facing your organization?
We're carefully considering the impact of malware and data loss (i.e. theft). Mobile combined with BYOD laissez-faire has us aware that real danger is close by. I'm not sure hunkering in terror is the best approach to these ongoing, worsening security threats, but that seems the best the industry can do for now.
Blacklisting apps that you don’t want people to use typically has a negative effect as the people push back. It’s much better to work with them to either move them onto a sanctioned app or identify which needs they have that are not being met by sanctioned apps, and work with them to get that need met.
I'd say human factor here is the riskiest. For some reason, many take a long time to get used to security policies and procedures. Although, same goes for hand washing and flossing :)