Increased Mobile Device Use Leads to New Security Risks

Posted on June 04, 2015

According to the SANS Institute, the number of mobile devices in use at many corporations is starting to overtake the number of fixed desktop PCs and laptops. Jared Hansen, CEO and founder of Breezy, the secure mobile printing leader, says that the budget for mobile security seldom keeps pace with the rapid growth in the number of mobile devices in the workspace.

"We're starting to see some improvement, as more and more enterprises realize just how much sensitive data their employees are storing on mobile devices, but training for mobile security solutions and training still hasn't kept pace," he says.

"Companies still want an "install it and forget it" solution, and that just doesn't work in an environment that changes as rapidly as mobile devices," Hansen adds.

Part of the problem is that IT does not control which of the millions of consumer applications mobile device owners install on their smartphones and tablets. Since many of the most popular applications contain basic vulnerabilities, and most users assume their company's EMM solution will protect them no matter what apps they run, it's nearly impossible for IT to keep up with the security challenge. "Traditionally, IT has focused its security approach on network connections, but with mobile devices, the focus has to include applications " not just connections," he says.

The Problem of Insiders With (or Without) Malicious Intent

Internet analyst Mary Meeker, not an executive with VP firm Kleiner Perkins Caufield & Byers, issues her must-read Internet Trends report every year, and this year, Meeker highlighted the increased part mobile devices play in security breaches. Two important trends she noted are the increase in adware -- meaning that people's personal data is becoming much more ubiquitous and easier for hackers to seize " and that more than 20% of data breaches come directly form insiders with malicious intent.

Meeker also points out that almost 70% of breaches aren't detected by the company that suffered the breach, but by outsiders. Here are the slides from Meeker's 2015 report devoted to mobile security. Hansen says that every point on each slide should be carefully considered by IT pros.

Passwords for Mobile Users Who Choose Simplicity, Not Security

When the Starbucks app was used to obtain personal details and gain access to financial accounts, the company reported that no customer data had been breached and the issue stemmed from weak passwords selected by end users. "The truth is that, unless a password policy enforces strong passwords, many users will choose simplicity over security," Hansen says.

Given the problem with applications and man-in-the-middle attacks on mobile devices, a strong password policy is one of the ways any company can make it harder for thieves to access company data, he adds. "You need a strong EMM solution that includes secure mobile printing and on-device encryption," he points out. "But your employees also need strong passwords that protect their devices and their data."

It's a proven fact that people can't be bothered with remembering complex, long passwords every time they need to access their smartphone. And, since the end user is the final arbiter of passwords, this is where many data breaches happen. "By establishing, and enforcing, a password policy that requires stronger passwords before a device can access company data, you're taking an important step in protecting that data," Hansen says.

For instance, if your policy requires that employees can select any password they want, so long as certain protocols are followed, it's harder for a hacker to decode passwords. For instance, a policy that requires that passwords be changed every 60-90 days, and that certain simple substitutions be used, can go a long way towards protecting your information.

One large telecommunications company requires that passwords change every 60 days. The first time an employee connects to the network, they are prompted to select a password that includes these substitutions for common characters:

The next time the employee changes his or her password, a different set of substitutions is required. For example:

Since each employee is on a different password schedule, depending on when they first connected to the network, this kind of rotating substitution schedule means that different employees will be using a different "code" for passwords. "It's not a complete solution, but it's a start," Hansen says.

Breezy adds an extra layer of protection to the mobile devices that connect to your network or store your data. For more information on mobile device security and secure mobile printing, watch this video from Breezy, download The Definitive Guide to Mobile Printing, a free ebook, or click here to schedule a Breezy demo now. If you're a MobileIron user or are in the Bay Area or Silicon Valley, stop by to see Breezy during MobileIron's Mobile First Conference, June 9-12, 2015, at the Hilton Union Square in San Francisco. There's still time to register " click here to register now.

Easy to deploy and manage

Customers report that Breezy installations are among the easiest they’ve ever seen for an enterprise product.