Cybersecurity threats present challenges for today’s data-driven business organization on several fronts: protection of assets, business competition, regulatory compliance, customer loyalty and financial losses. Businesses must strengthen their security capabilities to keep pace with evolving security threats as cybercriminals exploit new vulnerabilities. Traditionally, companies have focused on perimeter management: preventing attacks from external sources from reaching the company network. Technology trends such as IT consumerization, mobile computing, cloud computing, and the Internet of Things (IoT) have transformed the security landscape, necessitating appropriate changes in cybersecurity strategies and practices:
Smartphones have emerged as the single greatest risk to security in 2016, presenting a diverse range of attack vectors against the corporate network. Smartphones are susceptible to machine-to-machine attacks, malicious apps, and fingerprinting through random web browsing. BYOD programs can intensify the problem, but they also provide a valid opportunity to control the situation and establish security measures. As trends like the Internet of Things and wearable computers grow, the same concerns extend to those devices and can be managed in the same way. Enterprise mobility management solutions lock down unnecessary device functionality, preventing cybercriminals from gaining unauthorized access by compromising vulnerable endpoints.
The most powerful security measure available to any company is education of its employees and partners. Most users of compromised mobile devices fall prey to cyber-attacks because they lack the knowledge and skills to identify and avoid those attacks. Education provides that knowledge and builds a foundation for company policies and procedures concerning system security. Conduct mock attacks in-house to identify knowledge gaps among your employees, and plan a tailored employee education program around them.
Manage and Enforce Cybersecurity Policies
Companies have built security policies for years, and emerging technologies may seem to void every established policy. Rather than rewrite all policies, identify how these technologies can strengthen existing policies and maintain them. Having clear policies is the best means of holding employees and technical staff accountable to the protective shield the company requires.
Most consumers do not use simple authentication to access the contents of their mobile device. Most devices, by default, will ask for a password assuming the user is the owner. If users are allowed to access company data through their mobile devices, they should be required to enter at least a username and password in accordance with company policy.
Especially with BYOD programs, registering compatible devices with the company must be a requirement to ensure the device is listed. Any unregistered device obtaining access should be investigated. Programs can be expanded to provide recommendations on devices based on security ratings or incentives to assist in purchasing devices from an approved device list.
Control over downloaded applications is essential to prevent unsuspected malware from being installed. For instance, Google for Work allows companies to define approved applications for download from a customized app store. Another possible solution is partitioning the device for personal and professional use, so that the applications in each partition run without interfering with the other.