How to better secure your fleet of mobile devices

While mobile devices are the symbol of business continuity, they are also the mark of easy prey for cybercriminals. In fact, 75% of companies experienced a “major” mobile-related security compromise in 2022. And that risk brings high costs with it. When remote workers are the root cause of a data breach, mitigation costs rise 20% hiking the price tag up from $4 million to $5 million.

And it’s not just cybercriminals profiting from loopholes in corporate mobile security.

Regulations like GDPR and SOC2, as well as government agencies themselves, have all taken aim at mobile vulnerabilities. In October, the federal Securities and Exchange Commission fined 16 financial firms $1.8 billion after they failed to prevent employees from communicating with clients via their personal devices.

With the proliferation of personal devices used for work, most executives are bracing for impact and recognizing that it’s time to strengthen endpoint security. Whether you are working to avoid federal agents or rising ransomware attacks, here are the best practices for improving the security posture of your corporate mobile fleet.

Remove blind spots to strengthen mobile security 

Widening protections for the entire fleet starts with understanding your devices and where their vulnerabilities hide, as uncovering security blind spots is half the success equation.

Companies are highly reliant on their mobile devices and yet many manage hundreds or thousands of them using poor recordkeeping practices. Comprehensive security starts with a registry that defines what the fleet has, what state it is currently in, and what applications, access methodologies, and services it uses. Devices can include laptops, phones, iPads, watches, scanners, sensors, and a variety of wireless tools.

Gaining visibility is the first step in identifying and managing every device into a known state. Network analytics, usage audits, Shadow IT discovery tools, and IT expense management platforms can be helpful in establishing a working inventory that can be expanded with detailed information about ownership, operating systems, users, their associated applications as well as the security risk of each application in use. A centralized system also helps with overarching insights to prioritize security efforts. For example, you may want to start with high-volume devices or those that use applications bringing the highest security risk.

Consider your mobile strategy and its impact on security

With an accurate assessment of company-owned and employee-owned devices, now is a good time to evaluate how your mobile strategy and device ownership policy uphold security. More devices expand the attack surface for bad actors, and the lack of standardization can make security complex with a broader range of operating systems, device types, applications, and other hardware-based risks for IT teams to manage.

One Vanson Bourne study showed 81% of companies are shifting their corporate policies due to challenges in security and management. At companies with a Bring-Your-Own-Device (BYOD) policy, 65% of devices accessing corporate information are personally owned. This reveals the intertwined relationship between employee devices and the information companies must protect. While today’s dominant approach is to use a BYOD approach with mobile phones and corporate ownership for laptops, tides are shifting as companies better balance security requirements with the convenience of employee devices.

Best practices: configure and secure devices into a known state

Building a foundation for mobile security should start with leading security frameworks, such as the Cybersecurity and Infrastructures Security Agency’s (CISA) Zero Trust Model for Enterprise Mobility, which includes mobile security techniques as well as tips for using the built-in security features of mobile operating systems. The National Institute of Standards and Technology (NIST) Cybersecurity Framework is also helpful in process design.

The act of securing devices requires applying technologies to exert visibility and control over the entire fleet. This way companies can examine the operating system versions, configurations, and firmware, identifying any loopholes or security threats. Moreover, these tools can ensure applications comply with enterprise security standards, detect when system changes have been made, and empower IT teams to take swift action regarding threat investigation and mitigation. Unified endpoint management solutions (also known as mobile device management solutions) package these security tools and services together for ease of implementation and ongoing management.

Particular attention should be paid to:

• Cloud-based security compatible across a range of devices, allowing for the widest applicability and the broadest standardization of security across the entire fleet.
• System updates and patches with real-time, granular insight into device compliance across the operating system, web browsers, and applications in use.
• Multi-factor and password-less authentication, as compromised passwords are a key cause in mobile device data breaches.
• Multi-layer security addressing the core, hardware, firmware, and applications.
• Zero trust network access capabilities on a continuous basis, reducing the attack surface through an identity-based approach to security and access management .
• Physical separation —whether its network segmentation applied to mobile and IoT devices, secure containerization separating personal information, or data isolation blocking unauthorized communications, separation makes sensitive information more difficult to access.
• Location tracking and remote controls allow IT teams to digitally control functions from afar, including finding, locking, and unlocking devices, pushing content and applications, and wiping functionality either individually or entirely.
• Automation and analytics make it faster and easier to manage mobile security.
  • Machine learning and behavioral analytics are best for monitoring threats and accelerating the time to identify malware, ransomware, and zero-day attacks.
  • Process automation eliminates repetitive, manual tasks necessary in maintaining inventories, preparing devices for employee use, and reducing IT intervention when remediation or quarantine actions are needed to bring the fleet into compliance.
  • Dashboards should summarize the active risk exposure including vulnerabilities associated with each endpoint, and automation should prioritize response and remediation based on the likelihood of a breach  .

Often companies have too many devices to secure and too few resources to do the job effectively. That leaves security unchecked at critical moments in the lifecycle of a device, such as during preparation stages, threat mitigation procedures, and employee on- and off-boarding. At these junctures, each device must be protected comprehensively, outfitted with the company’s unique security applications, updated with the latest patches, and enabled with encryption, firewalls, anti-virus, and built-in security features—all before devices are put back into the hands of users.

This explains why many IT teams need to add the support of asset management services to their mobile security software purchase. When IT resources are already overstretched, service providers can handle inventories, orders, service providers, invoices, mobile help desk support, configurations, repairs, and decommissioning and reassignments.

Holistic endpoint security practices

Advanced security capabilities alongside dedication and discipline are necessary in order to configure devices into a compliant state and maintaining that known state is essential as both the business and the threat landscape perpetually evolve.

Mobile security pressures will continue to rise in parallel with more cybersecurity attacks, changing compliance requirements, and more devices to manage. Companies that can make and keep a concentrated effort on mobile security will rise above these challenges by exposing any blind spots inside their fleet, operationalizing a data-driven mobile strategy, and making proactive and ongoing security protections an integrated element of their mobile-first business.