By Amanda Johnson on Apr 16, 2019, 5:10:12 PM
"Device loss accounts for 41% of breaches, compared with 25% that derived from hacking and malware." - Trend Micro
Since 2011, there has been a 300% increase in mobile device OS vulnerabilities, and businesses are beginning to realize the increasingly critical need to protect company—and customer data. As networking environments continued to evolve over the years, IT departments have needed to adapt to the growing security threats in mobility. Cabir, the first virus that infected smartphones, reared its ugly head in 2004, and by the time iPhones and other smartphones emerged, a whole new generation of security woes had been born.
As the enterprise continues to see the growth of IoT devices, particularly mobile devices, IT departments are having to secure a seemingly infinite number of endpoints. More than half of organizations have identified employees as being the responsible parties, either due to falling victim to phishing, being socially engineered, or through simple human error. In a report by Apricorn, nearly 20% of organizations indicated that they believed their mobile workers didn’t particularly care about security, with one in three experiencing data loss as the direct result of their mobile workforce.
Mobile device security is the measures taken specifically to protect sensitive data stored on portable devices. Additionally, it refers to the ability to prevent unauthorized users from using mobile devices to access the enterprise network. Devices that require protection of this sort include laptops, tables, smartphones, wearables, and other portable devices. Today, the majority of businesses are using these devices to conduct routine business and the devices themselves could contain hundreds of gigabytes of private data on them—everything from healthcare information to credit card and social security numbers and more.
Robert Coleman, UKI CTO, CA Technologies said, "With businesses investing heavily in purchasing and developing growing volumes of applications to improve employee productivity, the security threat posed by lost and stolen devices has increased dramatically.”
"Nobody can prevent mobiles and tablets from being misplaced,” says Coleman, “but companies can ensure that the applications which reside on these devices are only accessible by the correct privileged users so that fraudsters cannot exploit them as a backdoor into the business."
Most organizations don’t even consider the impact mobile device security could potentially have on the sustainability of their business. Losing valuable intellectual property and compromising confidential data can cause a severe business disruption resulting in penalties and reputation damage.
"Mobile devices, whether they be laptops, phones or USB storage devices, must give users the facility to secure critical business data," said Jon Fielding, EMEA managing director, Apricorn. “Whether your data is in transit or at rest, encryption is absolutely key to safeguarding confidential corporate information and employers need to provide certified encryption tools for protecting that IP. That way, businesses can ensure that if a device is lost, it is locked down and the integrity of the data it contains is maintained. Built-in encryption, such as a hardware encrypted USB drive, offers a simple way to solve security of data on the move.”
Only about one in four organizations are thinking about a centralized way to secure the mobile devices they deploy. By implementing an additional level of physical security, these forward-thinking companies are more successfully protecting the information stored on their mobile devices, mitigating the risk of compromised data.
Ojas Rege, chief strategy officer, MobileIron said that two new developments could help organizations in this area: “Biometrics, like fingerprint and facial recognition, provide an easy and more secure way for individuals to access their mobile devices and apps; Machine learning takes data inputs from devices, networks, and apps to constantly monitor and identify evolving threats of which the user is almost never aware.”
Not only do organizations need to focus on all of the potential external threats to devices—from phishing scams and spyware to malicious apps an unsecured Wi-Fi networks, but they also need to take into consideration the possibility that the employee might lose that device or that the device can be stolen. Implementing internal policies, educating employees and investing in software solutions to help keep data secure are all part of a multi-layered approach to keeping your organization’s data safe.
BakerHostetler’s 2019 Data Security Incident Response Report notes that raising employee awareness and employing multifactor authentication are still two of the best defenses to address the employee risk factor. “Now more than ever, mobile devices have a target on their back,” said Mike Feibus, principal analyst with FeibusTech. “It’s ironic, but the more mobile devices are used as a multi-factor option to secure PCs, the more desirable they become to hackers. And as everyone knows, where there’s a will, there’s a way.”
And data loss costs organizations more than you think. According to an article from Druva, “every lost laptop costs an organization approximately $49,000.” These costs are clearly not related to the value of the device but rather the value of the data on the device; the loss of intellectual property and impact of potentially compromised proprietary data; add to that the expense of employee downtime and the financial impact of that data loss increases even more.
For example, the University of Utah Eye Center found out in June of 2018 that a computer and its associated external storage device was stolen from its facility. The University had to notify more than 600 patients that their protected health information was potentially at risk; they also proactively established a dedicated call center to help these patients navigate the aftermath. The potential damage to the Eye Center’s reputation could have reached a point of no return if patients had lost trust and if the University hadn’t mitigated the damage proactively.
The exponential growth of IoT could potentially leave a large, costly gap in an organization’s security protocols. Being aware of these gaps and the risks inherently associated with mobile devices by implementing policies specific to mobile devices and ensuring that the data accessible from these devices is encrypted and secure, can help circumvent the costly and often devastating outcome of a data breach from a lost or stolen device.
GhostVolt, a powerful security application for teams, encrypts data using the AES-256 encryption algorithm both at rest and in transit. AES-256 is the algorithm approved by the US government for encryption of classified data and is considered the standard for data encryption. With GhostVolt, you can take an important step towards securing your data and meeting the regulatory criteria of CCPA, as well as GPDR and HIPPA requirements.