Mobile devices provide flexibility, allowing employees to work outside of the office. This translates into competitive advantages, productivity gains and employee satisfaction benefits. It is no surprise that mobility is one of the fastest growing segments of the enterprise technology market. Security remains a major challenge that continuously needs addressing.
As computing infrastructure becomes less centralised there is greater potential for malware entering devices that are being used remotely and increasing the risk of data being lost. The financial, legal and reputational impact of these data losses can be immense.
Bring Your Own Device (BYOD) compounds the issue as employees use their own devices to access corporate networks. It is highly alarming that approximately half of organisations that allow BYOD do so without any security policy! It’s perhaps not surprising that 37 per cent of organisations have experienced a breach or data loss directly attributed to their mobile technology.
But there are some simple steps that can immediately improve your customers’ odds against threats starting with patching. To start, ask your customer whether they are currently patching, are they able to quickly remediate a known vulnerability, and is it easy for them to produce a report from their fleet of machines. If your customer’s answer is ‘no’ to any of these questions, you have an opportunity to evaluate how your customer is protecting their devices.
The next thing you can do is regain control with improved access management. There are a few questions you can ask your customer to determine how vulnerable they are. First, determine which employees have access to what. Similarly, ask the customer if they were asked to give a report of all people that accessed any one file on their file servers over VPN within the last week, could they generate that report in less than an hour. Ask if they can verify that previous employees have been decommissioned and have no access to their data. If the customer is not able to quickly generate reports and fix any gaps, then the organisation is at the mercy of malicious intentions.
If the customer can access vulnerability and breach reports, empower them to use them to start conversations to turn things around. Customers should begin proactively sending vulnerability reports to management.
The main thing to remember is to make things as difficult as possible for attackers. When organisations neglect even the basics of cybersecurity, attackers see this as low-hanging fruit. Securing an organisation can be very difficult, but most exploits occur with either insider help or by way of well-known vulnerabilities. The above practical questions and their correlative remediation steps can help any organisation enhance its security posture.