Top 5 Mobile Device Security Tips

A blockbuster report published recently revealed the extent to which a notorious spyware variant is being used to monitor unwitting victims via their mobile devices. According to the investigation, journalists, human rights activists, government officials, businesspeople, lawyers and others were targeted by the NSO Group’s Pegasus malware over many years. It can collect virtually any information from infected devices, including browsing history, log-ins, notes, photos, videos, emails and even messages sent via encrypted apps. 

While the spyware itself is extremely difficult to detect and prevent, the global furor it has ignited should remind IT security leaders of the importance of effective mobile security policies. In a world of hybrid work, these devices will become an even more important part of the corporate IT environment, connecting to business-critical company resources via VPN or directly to the cloud. 

The truth is that Pegasus is only used in highly targeted cases. However, less sophisticated versions of spyware are widespread, with phishing messages, rogue applications and insecure Wi-Fi networks among the top threat vectors. In a study by Ivanti Research, 87% of CISOs agreed that mobile devices have become a key focus for their cybersecurity strategies.

With this in mind, here are our top five tips for securing your employees’ mobile devices:

  1. Mobile Threat Defense 

    Effective mobile threat defense (MTD) software should mitigate cyber-risks within networks, devices and applications. That means blocking threats hidden in legitimate-looking apps or on malicious websites, automatically encrypting traffic when connecting to a public Wi-Fi, and blocking man-in-the-middle attacks. Alongside suspicious activity, it will scan for device vulnerabilities and misconfigurations.

  2. Enterprise Mobility Management

    Enterprise mobility management (EMM) can be thought of as a companion to MTD, designed to enforce corporate security policies and perform remote administration on each device. In this way, it can enforce multi-factor authentication, block access to prohibited content, limit app downloads and initiate auto-lock and remote wipe if a device is lost or stolen. Many EMM tools have been subsumed into unified endpoint management (UEM) product portfolios, which means organizations can manage smartphones, laptops and other devices from the same console.

  3. User Awareness Training

    The number one threat to your organization may be employee negligence. Ensure they’re familiar with corporate policies and know how to spot the latest phishing and other mobile scams. Short lessons, little and often, featuring simulations and gamification techniques, have the best chance of achieving behavior change.

  4. Review Your Policies 

    Policies are the bedrock of any mature cybersecurity strategy. Yet, both the threat landscape and user behavior are continually evolving. That makes regular policy reviews an essential task. Try to conduct them every six months or so, and ensure they’re well documented and communicated to all users. 

  5. Zero Trust

    Experts devised zero trust for the mobile-centric, hybrid world of work emerging from the pandemic. Zero trust is predicated on three key pillars: treat all networks as untrusted, assume prior breach and enforce least privilege access. Zero trust is about much more than device security, but MTD and EMM, supported by the right policies, will be a good place to start.  

What’s Hot on Infosecurity Magazine?