Mobile workers' usages
Bringing together all work tools, and often personal ones, in a single place, the mobile device has become workers' preferred medium. Making calls, reading e-mails, accessing corporate resources, but also staying connected with relatives or simply taking a break… our mobile device is an integral part of our daily life.
The democratization of BYOD and remote working widens the spectrum of mobile usages and constitutes a security challenge that companies have to address.
A thin line between professional and personal life
- Use of corporate applications: e-mails, business tools…
- Access and storage of files: contracts, procedures…
- Connection to corporate networks: WiFi, VPN, proxy…
- Calling and recording of business contacts
- Use of personal applications: socials, entertainment, news, health…
- Access and storage of files: pictures, videos, account records…
- Connection to private and public networks: personal WiFi, open WiFi…
- Calling and recording personal contacts
- Manipulating the OS to unlock features (root/jailbreak)
Mobile workers' threat environment
Mobile devices are an integral part of day-to-day professional and personal activities.
Tablets and smartphones came with the app model, in which there is an application for every need and always a network to connect to… Mobile devices have turned into the perfect Swiss Army knife, hiding along the way the underground activities that could take place.
Mobile devices are full of data that is valuable to cybercriminals, and basic mobile usages conceal the bigger picture of the mobile threat playground.
Settings configuration, system update, root/jailbreak of the device to enable advanced capabilities.
Connection to cellular, professional and public networks
Mix of professional and personal contacts
E-mails, CRM, business applications…
Social networks, news, transport, entertainment, health…
Business contracts, procedures, documents, personal pictures and videos…
Ransom demand, data theft (contacts, videos, files, credentials…), eavesdropping (microphone, location, camera…)
System takeover (data deletion…)
Data theft (contacts, emails, files…)
Credentials theft (business services, banking account…)
Corporate and personal data leakage (contacts, agenda, videos, files …)
The mobile environment is full of threats that must be thwarted while meeting corporate and employees’ expectations and preserving business agility. In addition, the spread of hybrid configurations such as BYOD and work/life separation rules out a one-sided approach.
- Easy access to corporate data
- No impact on personal use
- Blocking access to corporate resources in case of threats
- Protection of company data
- Maintaining the productivity of mobile employees
- Implementation of a customized security solution
- Compliance with regulations
Individual best practices
Mobile threats act on 3 different layers: applications, network and device. A few simple rules can be followed at the individual level to reduce the attack surface.
Applications are cybercriminals' preferred medium for running attacks because of their reach and ease of deployment. Employees must therefore pay closer attention to the applications installed on their devices. Here are the core principles to apply individually:
1. Do not download apps from 3rd party stores. Malware, among other threats, primarily comes from non-official stores.
2. Watch out for requested permissions. Users may carelessly grant permissions to applications. Yet, more often than they might imagine, not all of the permissions are required for the application to function properly; some are requested in order to collect data and sell it, mainly to marketing companies. When using a mobile device for corporate purposes, users have to be diligent with apps’ permissions to prevent data leakage (contact list, SMS, call logs…).
3. Rigorously update applications. Malicious applications can still be downloaded from stores despite the security measures implemented by Google and Apple, and they are usually removed as soon as they are detected. With application auto-update enabled in the store settings, obsolete apps will be deleted and the user will benefit from new releases right away.
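The permission check from rule 2, as an added example that is not part of the original page: it reads the permissions declared in a decoded Android manifest and reports those that expose contacts, SMS or call logs without being justified by what the app is for. The per-category allow-list and the sample manifest are constructed assumptions; the permission names are standard Android ones.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions exposing the data the text names (contact list, SMS, call logs).
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contact list",
    "android.permission.READ_SMS": "SMS",
    "android.permission.READ_CALL_LOG": "call logs",
}

# Assumption: a hypothetical allow-list an organisation keeps per app category.
JUSTIFIED_BY_CATEGORY = {
    "messaging": {"android.permission.READ_CONTACTS", "android.permission.READ_SMS"},
    "dialer": {"android.permission.READ_CONTACTS", "android.permission.READ_CALL_LOG"},
    "flashlight": set(),
}

# Constructed sample manifest (decoded text form), not taken from a real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <uses-permission-sdk-23 android:name="android.permission.READ_SMS"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names


def unjustified_permissions(manifest_xml, category):
    """Map each sensitive permission the category does not justify to the data it exposes."""
    allowed = JUSTIFIED_BY_CATEGORY.get(category, set())  # unknown category: nothing justified
    requested = requested_permissions(manifest_xml)
    return {p: SENSITIVE[p] for p in sorted(requested) if p in SENSITIVE and p not in allowed}


if __name__ == "__main__":
    for perm, data in unjustified_permissions(SAMPLE_MANIFEST, "flashlight").items():
        print(f"review: {perm} exposes {data}")
```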
When working from home or traveling, a network connection is key to carrying out activities: retrieving and sending e-mails, accessing corporate resources (files, contracts…) and applications (intranet, CRM, messaging…). This often means relying on a network connection other than the cellular one. Here too, some core principles must be followed:
1. Use a known private WiFi network. To prevent any transaction from being intercepted, employees have to connect to a trusted WiFi network and avoid any nearby public connection, which facilitates Man-in-the-Middle attacks.
2. Do not tweak the connection. Whatever the bandwidth capacity, it’s never enough, and users may be tempted to try to improve their network performance by, for instance, downloading a shady application.
The device itself is a target for hackers, who look for flaws that let them take control of the system. Basic actions can be taken to strengthen the OS:
1. Do not root or jailbreak the device. The extra capabilities unlocked when jailbreaking or rooting a device are leveraged by cybercriminals when perpetrating an attack. Thus, 75.1% of applications check this status in order to run advanced commands.
2. Keep the OS up to date. Updates have to be strictly applied, as they usually include a security patch fixing known vulnerabilities.
Security measures adapted to mobile workers
The mobile security ecosystem is no exception and there are plenty of solutions claiming to properly protect mobile devices. As for any solution selection, a careful comparison needs to be conducted to identify strengths and weaknesses of players in the light of their core expertise and the company requirements.
The core properties to look for when setting up mobile security are highlighted below.
A successful implementation of mobile security requires a subtle balance between protective measures and users’ freedom of use. A restriction can only be accepted as long as it is appropriate and measured. Thus, threat detection accuracy and security response granularity are the two pillars of an efficient mobile security posture. False positives would ruin the confidence of both the security team and the end-users in the solution and, by extension, in the security strategy.
The fast-changing mobile context requires acting on the fly through a mobile threat defense agent. Taking the form of a mobile application, it dynamically detects and remediates threats in real time. Complete protection has to handle the three attack vectors (applications, network and device) and offer adapted countermeasures.
Mobile workers present various configurations (Bring Your Own Device, remote working, nomadism) and have different roles in the company. The solution has to be highly customizable so that security policies can be defined to match each user's profile.
The threat detection sensitivity is to be adjusted according to the users’ role and threat exposure. On the other hand, the security response will depend on the mobile context. Intrusive security measures cannot be taken on a personal device, and threats have to be mitigated by locking down access to corporate resources.
Workers need an easy-to-deploy, burden-free solution in order to embrace the company's mobile security strategy. Mobile threat protection usually provides pre-configured agents for zero-touch deployment to smooth adoption.
When the device is set up with a dual environment for professional and personal activities, the solution needs to be deployed on both profiles to ensure total protection. The solution's ability to manage both environments and offer an adapted security response for each one is key.
MANAGED OR UNMANAGED
There are two kinds of mobile workers. The managed ones refer to mobile devices that are administered by the company.
In principle, managed devices conform to the company's security policy through the enforcement of security measures and the restriction of usages if needed (blocking of applications, networks…).
Unmanaged devices represent external collaborators or partners as well as most BYOD users. They must access corporate resources to fulfil their duties but shall not be restricted in their usages. The security response has to be adjusted and will consist of warning the user and preventing access to corporate resources until the detected threat is remediated.
Unmanaged devices require a custom mobile security solution to combine security and users’ flexibility.