4 mobile security best practices for enterprise IT
Organizations should look to update their mobile security best practices due to COVID-19. IT must incorporate BYOD access to corporate data and other new mobile capabilities.
Due to the COVID-19 pandemic, many employees working from home use mobile devices to access corporate data and communicate with their coworkers.
However, this remote use of mobile devices is forcing IT administrators to readjust their mobility strategies and mobile security best practices.
Mobile administrators typically rely on enterprise mobility management (EMM), mobile device management (MDM), mobile application management (MAM) or other platforms to manage enterprise endpoints in the field.
Products such as BlackBerry UEM incorporate mobile threat defense (MTD), while other offerings such as SimpleMDM focus solely on managing basic settings of mobile devices. Regardless of an organization's existing mobility policy, IT departments will need to keep pace with the changing threat landscape with these four mobile security best practices.
Implement intelligent MTD
Mobile security policies can no longer be static, and administrators must shift to dynamic mobile security best practices. IT should consider MTD platforms that can detect abnormal user behaviors and take actions such as locking users out, blocking the device or enforcing multifactor authentication (MFA).
Mobile users are constantly on the move, even during the pandemic, and one of the best ways to protect their corporate data is with security policies that automatically adjust and respond to changes in user behavior and location. Products such as BlackBerry Persona and McAfee Endpoint Security ATP are examples of AI-based MTD offerings that search for abnormal behaviors and adjust the mobile devices' access and permissions accordingly.
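The dynamic policy described above can be sketched as a small decision function. This is an added example, not code from the article or from any MTD product; the thresholds, field names and sample sign-ins are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0   # assumed threshold: faster than an airliner means "impossible travel"
MIN_KM = 50.0     # assumed: ignore small jumps caused by coarse geolocation

@dataclass
class SignIn:
    device_id: str
    when: datetime
    lat: float
    lon: float
    compliant: bool = True  # posture flag from the management agent (hypothetical field)

def km_between(a, b):
    """Great-circle (haversine) distance in km between two sign-ins."""
    la1, lo1, la2, lo2 = map(radians, (a.lat, a.lon, b.lat, b.lon))
    h = sin((la2 - la1) / 2) ** 2 + cos(la1) * cos(la2) * sin((lo2 - lo1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def decide(prev, cur, known_devices):
    """Map one sign-in to allow / require_mfa / block_device / lock_user, with reasons."""
    reasons = []
    if prev is not None:
        hours = abs((cur.when - prev.when).total_seconds()) / 3600
        dist = km_between(prev, cur)
        if dist > MIN_KM and dist / max(hours, 1e-6) > MAX_KMH:
            reasons.append(("lock_user", f"impossible travel: {dist:.0f} km in {hours:.1f} h"))
    if not cur.compliant:
        reasons.append(("block_device", "device out of compliance"))
    if cur.device_id not in known_devices:
        reasons.append(("require_mfa", "unrecognized device"))
    # Strongest response wins; every reason is kept for the audit trail.
    order = ["lock_user", "block_device", "require_mfa"]
    action = min((r[0] for r in reasons), key=order.index, default="allow")
    return action, [r[1] for r in reasons]

# Constructed sample data: one user's last good sign-in and four follow-ups.
KNOWN = {"phone-1"}
LAST = SignIn("phone-1", datetime(2020, 6, 1, 9, 0), 51.5074, -0.1278)  # London
SAMPLES = {
    "normal": SignIn("phone-1", datetime(2020, 6, 1, 12, 0), 51.51, -0.12),
    "new_device": SignIn("tablet-9", datetime(2020, 6, 1, 12, 0), 51.51, -0.12),
    "non_compliant": SignIn("phone-1", datetime(2020, 6, 1, 12, 0), 51.51, -0.12, compliant=False),
    "far_away": SignIn("phone-1", datetime(2020, 6, 1, 10, 0), 1.3521, 103.8198),  # Singapore
}

if __name__ == "__main__":
    for name, event in SAMPLES.items():
        print(name, decide(LAST, event, KNOWN))
```

The three non-allow outcomes correspond to the responses named above: enforcing MFA, blocking the device and locking the user out.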
Look for all-in-one management platforms
To simplify device management and endpoint protection on the administrative side, IT admins should look for platforms that encompass all their needs with a single console. By adopting a unified endpoint management (UEM) platform, IT can use one portal and one product to manage security, devices, application deployments, OS updates and more.
Some organizations use one platform for MDM and another for security, but this adds more complexity and cost. Additionally, many vendors that offer MDM and EMM products have consolidated these platforms into UEM offerings.
Adjust security plans to account for BYOD
Not all organizations issue mobile devices to their employees, and IT faces more management challenges when users rely on their own devices for work purposes. These personal devices, known as BYOD, don't offer mobile admins the same amount of control, so admins can't always push out the ideal security controls.
More organizations are allowing their employees to use their personal devices, especially during the pandemic as IT departments want to enable remote work without running up costs. During this BYOD rollout, IT will have to consider mobile security best practices and platforms that are designed to support BYOD deployments.
Ideally, organizations should find an all-encompassing platform that can handle the unique needs of BYOD management, but many organizations already have established management platforms that work for them. Because of concerns about user privacy and device security, BYOD management is not something IT pros can overlook, even at the cost of adding another management console.
IT can implement BYOD-focused products on personal devices without making major configuration changes. These products can also offer some visibility of personal content while still separating corporate data from personal data. For example, Bitdefender GravityZone offers a mixture of security and user privacy that an organization needs for an effective BYOD deployment. This offering provides tools to detect the device owner and assign policy based on user groups, and it can perform predetermined actions for personal iPhones, Android devices and iPads when users do something that leaves them out of compliance.
Go beyond basic mobile device best practices
A mobile device compromised through a phishing attack or some other threat can result in credential hijacking directly from the device. Enterprises have seen a significant uptick in phishing attacks via SMS and email, especially during the COVID-19 pandemic, and these threats are outsmarting spam filters. The threats also trick mobile users into entering their credentials on fake webpages that resemble login portals for Microsoft SharePoint, Dropbox or OneDrive.
IT should diversify its threat defense with different security layers. For example, IT administrators should ensure that they are deploying identity protection and network monitoring in addition to traditional spam filters.