Benjamin Schüler, Cortado: “if you don’t keep your mobile devices up to date, attackers will sooner or later target you”
When the unexpected pandemic hit the world, cyber felons had more time to exploit companies. And when everyone had to adapt and switch to remote work, some of the major vulnerabilities became unsecured devices of employees.
While companies often focus on ensuring security on employees’ computers in order to prevent cyberattacks, the protection of mobile devices is often forgotten. In reality, unsecured mobile devices can also lead to a data breach, especially if a company doesn’t keep track of what devices access the data.
As Benjamin Schüler says, it’s important to always update your mobile devices. Updates include security patches, fixing some of the vulnerabilities that could previously be exploited. To help employees have an easier and much more secure experience, there are also such solutions as mobile device management services.
That’s why we invited Benjamin Schüler, the CEO and CTO of Cortado – a company that provides management for both iOS and Android devices. Schüler shares his views on cybersecurity, threats, and their prevention methods.
Would you like to share a little bit about your story? How did Cortado come about?
Cortado Mobile Solutions was founded in 2015 in Berlin, Germany, and is part of the Cortado Holding AG group. Before the spin-off from the Cortado group, we already saw ourselves as a solution provider for mobile workers. The first software solutions were developed more than ten years back, at that time for Blackberry and Symbian systems. At that time, cloud solutions were not yet as prominent as they are today. Topics such as file access to company data from mobile devices were more focused on. In recent years, many mobile system platforms have disappeared from the market again, and Apple's and Google's operating systems have established themselves on the global market, clearly in the enterprise sector as well.
And this is what Cortado is all about. We deliver a mobile device management system hosted in Germany for mobile workers focusing on these two major players in the mobile device market.
Can you introduce us to your mobile device management solution? What are its key features?
Cortado’s mobile device management system is an easy-to-setup management solution for iOS, iPadOS, and Android devices. Our solution is developed and hosted in Germany. It offers core features such as user, device, app, policy, and profile management. These are the main building blocks to manage mobile devices effectively and securely. In addition to that, it also offers advanced security, compliance, and reporting functionalities.
The key to our solution is the ease to get the system up and running, as well as the capability to scale with an increasing number of devices and users that are managed.
What issues can arise if proper mobile device management solutions are not in place?
The major challenge for enterprises that need to deal with mobile devices in their enterprise is gaining transparency and manageability. Companies easily lose control over all clients, including mobile devices accessing their sensitive and business-critical data.
For example, employees start using their private devices to get their work done. These are devices with potentially low-security settings or no regulations at all. No company wants these unmanaged devices to be used by their employees without any chance of controlling access to their business data.
And for a fleet of company-owned devices, the IT support team can easily be overloaded with various support requests from employees with their individual needs when using the devices. This does not only include a set of required apps on the devices, but can also affect restrictions, such as allowing camera use, GPS, USB access, and more.
How did the pandemic affect your field of work? Did you add any new services?
The pandemic has led to an increasing number of people working remotely. People are getting used to working in a more flexible and mobile way. But not only just using their laptops, VPNs, or remote desktop connections, people also include mobile devices far more into their daily work. Private and enterprise businesses are merging in their daily work.
Therefore, the demand for MDM systems has increased since the start of the pandemic. To support companies dealing with the increasing demand of their employees to use their personal devices for business purposes, we launched a fully rebuilt enrolment and self-service portal in 2021. With this, we focused on supporting companies to onboard large numbers of employee devices easily, securely, and effectively.
What are some of the most concerning threats surrounding mobile devices currently?
Zero-day vulnerabilities of mobile operating systems are maybe currently the highest threat to unmanaged devices with missing OS update policies. If you don’t keep your mobile devices up to date with the latest OS security patches, attackers will sooner or later target you. Mobile device management systems can address this by immediately forcing an OS update, as soon as possible.
The next significant threat to mobile devices is from the apps that are being installed. Although Apple and Google improved their gate-keeping systems within recent years, malicious apps can create various problems. Apps might fake being another app, and users may accidentally enter their credentials into such an app. An app might also have too many permissions on the device to access local and network resources. Therefore, an app could simply transfer data from the mobile device to the attacker’s server on the Internet. Not mentioning the legal aspects of all of this. Users might use apps or services that do not comply with local legal regulations, such as GDPR. For managed devices, all of this can be addressed with app management that includes a pre-selection of allowed and blocked apps for the users.
And finally, the user can be a huge threat as well, as social engineering has increased. In Germany, for example, users are currently spammed with lots of fake SMS messages containing tracking information about packages that request the user to follow malicious tracking URLs in the message. People are not trained enough to detect such spam messages.
While many companies rush to secure their computers, mobile device security is often overlooked. Why do you think that is the case?
Because computers have been in place as working machines for decades. The full potential of mobile devices to act as working machines was detected within the last five years. And not everybody is aware of the unused productivity potential people are carrying with them in their pocket every day.
Besides mobile device management, what other security measures do you think can greatly enhance company operations?
Many technologies on the market can address a lot of different threats today. But as already mentioned before, I think that the influence of users is sometimes underestimated.
Companies should train their employees with security awareness training on a regular cycle. If people are more aware of possible threats and pitfalls, the number of security incidents that affect company operations will decrease in the long term.
As for average Internet users, what safety tools do you think everyone should have on their mobile devices?
The most important tools are part of the operating systems. First, I would recommend enabling the "Find my Phone" features on a device. This enables factory-reset protection for most modern Android and iOS devices and avoids the device being used after getting lost or stolen.
Second, use multi-factor authentication wherever possible. Especially for Apple-ID and Google accounts on devices.
If you’re an advanced user, set up a VPN connection to a trustworthy service provider. Using a VPN can be useful in certain scenarios when you want to hide your source IP address from the opposing party.
Share with us, what’s next for Cortado?
Over the last years, so many of our customers were very satisfied with our mobile device management and support services. If there were issues on the customer side, they usually arise from the devices that were selected by the customer. Especially for Android devices, the selection of devices that are to be managed can make a big difference. Google started the Enterprise Recommended program a couple of years ago to certify devices, EMMs, and carriers that work properly in the Android Enterprise ecosystem. But the procurement of the devices, either buying or renting them, is also sometimes a challenge for enterprises.
At the start of 2022, we decided to start offering what we call the "Cortado Business Phone". It's a complete package of preselected Android and iOS phones and tablets, bundled with Cortado’s Mobile Device Management subscription and optional accessories for device protection, a mobile phone contract, and device insurance. Enterprises will soon be able to use an online shop to select a business phone, including all the required services in one place.
Looking ahead, we want to bring the business phone offering to the next level, and we will add an option to rent new and refurbished devices. We know that there’s an increasing demand for refurbished devices in the enterprise segment as well. This is especially because the pricing is dramatically different from fully new devices, and companies can also easily contribute to reducing the carbon footprint of their IT infrastructure.