In 2004, the National Cyber Security Division under the Department of Homeland Security first conceived of National Cybersecurity Awareness Month. Every October since then has been used as a time for the U.S. government and participating cybersecurity firms in the private sectors to raise awareness about the cyberthreats facing our daily lives in the 21st century.
This year, NCSAM 2016 will consist of five weekly themes, the first of which is “Every Day Steps Towards Online Safety with Stop.Think.Connect.™” In step with this theme, we’ve decided to focus this first blog post on one of the most prolific trends in cyberspace: mobility.
What does the mobile threatscape look like?
It’s fitting that October is also the time of year when people in the U.S. celebrate the supernatural, because at the moment, the mobile cyberthreat landscape is terrifying. From government agencies to financial institutions, the inclusion of mobile devices in business operations is raising a long list of concerns including the threat of lost or stolen devices, shadow IT, connections to non-secure networks and more.
“Networks are inclusive of everything from smartphones to smartwatches and beyond.”
However, enterprise mobility isn’t a trend that businesses are ready or willing to shy away from. The opportunities for return on investment are too substantial to start backpedaling now. Hospitals are using tablets and smartphones to take notes and access patient medical records as they move between wings of a facility, or to remotely track out-patient vitals. Banks and credit unions are starting to offer customers mobile applications that make banking more convenient. Not to mention, new reports suggest that many industries will soon add wearable technology to their arsenal of mobile devices.
Keeping track of mobile and remote endpoints was hard enough when we were just dealing with laptops. Now, business networks are inclusive of everything from smartphones to smartwatches and beyond.
Mobile cybersecurity: A checklist
Naturally, mobile endpoint security is a complicated endeavor since there are literally so many moving parts involved. However, there are a few overarching checklist items that organizations must consider as they attempt to mitigate risks associated with mobile devices. Let’s take a look:
- Layout clear company policies for mobile: Whether you’re allowing bring your own device or you’re distributing corporate-owned, personally enabled devices, it’s vital that any mobile endpoint that will be used for work purposes adhere to a well-defined set of boundaries. These need to be official, enforced and implemented across all departments of your organization. End-user awareness is the best defense against targeted threats such as phishing schemes, and it can abate careless user activity.
- Know what endpoints are accessing your network: This is vital to not only ensuring that your employees are adhering to best mobile practices, but also to being able to detect anomalous behavior – be it within the organization, or at the consumer level (i.e., unusual mobile banking activity). At the end of the day, every interaction that a mobile device has with your network is logged and recorded. It’s really just a matter of knowing how to identify suspicious or unusual activity.
- Deploy a mobile management solution: To be fair, there are countless mobile security solutions, and enough initialisms (MDM, EMM, MAM, IAM, etc.) representing them to give your CISO or CIO a pounding headache. That said, having a methodology in place to remotely protect lost or stolen endpoints is a vital aspect of incident response. You need to have an awareness of what mobile management solutions are out there, and which ones are necessary to respond to threats in your unique mobile environment.
Are you ready to protect your mobile IT environment?
With so many different types of mobile devices connecting to your network from such a vast array of locations, checking off all three of the above items is a lot easier said than done. There are so many intricacies involved in developing mobile policies, and so many people who have to be included in that process. Threat detection in such a dynamic endpoint ecosystem is sort of like trying to pick misshapen snowflakes out of a blizzard. And with so many different mobile security offerings at play, it’s not always easy for IT managers to make the best use of the funding available to them as they attempt to secure the network.
The best advice we could give you here is this: Don’t try to do it all by yourself. Work with a cybersecurity partner capable of helping you answer this question: “Am I safe?”
This is part one of a five-part series in observance of National Cybersecurity Awareness Month.