Corporate security teams are responsible for an expanding attack surface due to increased flexibility in where employees work from. Most organizations that primarily employ knowledge workers, traditionally operated out of corporate offices prior to the onset of the COVID-19 pandemic. Now, employees are working from their couches, kitchens, backyards, and the like, on their home networks. Not exactly the types of environments established cybersecurity measures are equipped to cover. On top of existing employees dispersing to work from home, the new norm of remote work has empowered HR teams to hire talent without concern for geographic limitations. These new hires will likely not need to visit company headquarters more than twice per year, or perhaps ever.
So, how do you protect corporate data on devices used by employees to execute job functions as simple as responding to emails?
A good place to start when it comes to preventing mobile security incidents is educating your workforce about the hazards of downloading potentially malicious apps to mobile devices. These hazards are often data loss (both corporate and PII) and stolen credit card information. This “safety talk” is particularly important to do if you have a BYOD policy, or similarly, employees use corporate devices for personal purposes. In the instance of employees using personal devices for business, they have free rein to use their iOS or Android devices however they wish in their spare time. This includes playing games, scrolling through social media, browsing the internet, messaging friends, and so on, via apps. While it’s estimated that a BYOD policy can save companies around $3,150 per employee per year, it introduces mobile security risks if not implemented correctly.
Some indicators that a personal or company-owned phone might already have malware installed include:
- The battery drains quickly
- More ads than usual pop up across all apps
- Additional apps the user didn’t download appearing on the phone
- Unfamiliar app store or credit card charges
Beyond workforce cybersecurity education, it is highly beneficial to deploy an encrypted, containerized application workspace for devices used for business. SyncDog, for example, offers an enterprise-ready Trusted Mobile Workspace environment that is FIPS 140-2 compliant, AES 256-bit encrypted. The application keeps all corporate data within it secure, while avoiding invading the privacy of employees. SyncDog offers a full end-to-end security platform that protects the device, encrypts all your corporate data while on the device and while being transmitted, and combines all this with its Mobile Threat Defense capability to detect and protect against malware, phishing attacks and other corruption approaches. So, if an employee downloads an app outside of the container, that ends up being malicious, the data within the container is safe. It’s also important to note that operating systems (OS) can’t be completely trusted for mobile security. Both Android and iOS have their share of flaws. Using a mobile security solution on top of the OS adds an extra layer of protection and peace of mind for security and leadership teams.
___
Learn more about how you can secure your remote or mobile workforce without hindering productivity: https://www.syncdog.com/request-a-demo/