How to lower the risks of mobile endpoints
We now spend an average of three and a half hours on mobile devices per day. At the same time, whether to allow work from home, while traveling, or to enable 24/7 monitoring of sensitive services and equipment, organizations have turned to letting their employees use their own mobile devices.
This resulted in increased productivity, or an average of 37 minutes saved per week, according to a Cisco report. Employees using their own devices can work on the go and make use of dead-times. But at the same time, such a decision poses a number of risks.
The threat of mobile endpoint hacks
The immediate and obvious downside of enabling people to work from their own laptops, tablets, smartphones, and other mobile devices, colloquially named mobile endpoints, is the fact that a great deal of sensitive company data will spread across a variety of networks and devices. More often than not, they are not as secure as the ones directly managed by your company.
The risks are more extensive and immediate than you think and they come in three types:
- Application liability
- Device exposure
- Network-based risks
Let’s go through each of these in more detail to learn about the kind of exposure you’re dealing with, as well as illustrate possible solutions for each type.
Application-based risks are prevalent because apps are the predominant way that sensitive data will be accessed on smartphones and tablets. Some of the most common application threats are intrinsic software vulnerabilities in what concerns data storage and transfer, as well as malware and trojans that can extract information from a device without user’s permission.
Following these, many apps display unsafe behaviors that can expose your organization to legal penalties by means of compliance breach. What’s more, with bring your own device (BYOD) policies, there’s always the risk that applications might be downloaded and installed from unofficial sources.
To minimize these types of application liability, you’ll need software capable of performing constant app analysis on the devices that are not owned by the company yet have access to sensitive data. From knowing the entire list of apps that run on these mobile gadgets, to the percentage of devices using them, and even down to the precise version and all known vulnerabilities of each app, this is invaluable information that will help minimize and prevent application-based security breaches.
Two of the most frequent device-based riskas are built-in software vulnerabilities and the compromising of devices by changing their stock firmware with a modified one, also known as custom ROM.
Installing a custom ROM is more popular among Android users, as the technology’s open-source model allows to freely modify its code. The corresponding method for iOS is jailbreaking, and it is arguably much harder to perform as iOS source code is not publicly available. In both cases the person has to bypass the stock firmware to gain privileged control of the device.
These techniques present medium to high risks for the privacy of your company’s information, but they are not the only way that employee devices can become exposed. Behavioral anomalies, out-of-date software, as well as improper configuration are just as likely to pose dangers to mobile endpoint security. The best way to deal with device-based risks is creating and monitoring the fingerprint of each extrinsic device.
Last on our list, network threats might actually be more predominant than other types of exposure. The most widespread network risk is that of a Man-in-the-Middle (MitM) attack, which commonly occurs when a third party tries to put themselves between a smartphone and its connection to the web. Perpetrators will often try to impersonate, duplicate, or corrupt wifi hotspots to intercept network traffic and gain access to your data.
Other MitM techniques are SSLStrip attacks and TLS protocol downgrades. The first aims to do away with the encryption offered by secure HTTPS websites, while the second attempts to force the device into using a less secure communications protocol, i.e., one that is not encrypted. Therefore it’s crucial that you monitor network connections as much as possible and educate your employees on mobile endpoint security.
Managing mobile endpoint security with a VPN
If you want all mobile endpoint devices to comply with security policies before they gain access to company information, the COPE (corporate-owned, personally-enabled) business model is the most appropriate and secure way to provide security to mobile connections.
However, this is not as cost-effective or as sustainable as BYOD, not to mention that SMBs won’t be able to cover the initial expenses associated with such an investment. Furthermore, you will have to guarantee secure access to your internal network by setting up a remote-access Virtual Private Network (VPN).
While you will still need to monitor app liability and device exposure, there’s a simple and affordable solution to mitigate network-based risks in the form of a VPN service. These VPN providers have done all the work for you, from the required investments to hardware setups, software programming, network configurations, and even specialized staff to maintain the architecture itself.
Choosing the right VPN for managing mobile endpoint security
Not all VPNs are as secure on mobile devices as they are on desktops. Therefore we recommend to choose only from the best Android VPNs and the best iOS VPNs for your mobile endpoint security management.
In judging between different options, security should be your top priority, but cross-platform compatibility, good speeds, 24/7 customer support, as well as affordable pricing must also be taken into consideration. All providers on the lists above score high across the board, which is why we believe that picking any of them is a perfect way of lowering the risks of mobile endpoints.