The ever-increasing number of mobile devices coming into organizations is a phenomenon that is unlikely to stop. This poses a new challenge for businesses as every mobile device can be a major data leakage point.

While at first glance it may appear to be a problem of malware on devices, the reality is that the vast majority of devices in companies are poorly secured.

The list of vulnerabilities in mobile devices is long: The main threats are concentrated in fake or bugged apps, those on unofficial app shops, which, despite looking like the original, are likely to be configured to capture and steal personal information.

Then there are the unnecessary permissions that apps request when installing them, to access different components of the device, such as the camera, GPS, contacts, or photos. These types of 'permissions' are often overlooked without first analyzing the nature of the app.

A clear example is a famous flashlight that asks for permissions to view contacts, access the internet, and so on as soon as it is downloaded. If you look closely, why do you need access to these services if you just need to turn on the flashlight?

Multi-tasking and multi-device users

A company that does not know enough about the use of mobile devices by its employees (corporate devices) is a company at risk. At this point, it is necessary to analyze the behavior that the user gives to the device both inside and outside the office.

This is when we can identify the 'promiscuous users', those who indiscriminately use business and personal mobile devices to consult entertainment applications such as Facebook, while at the same time accessing CRM applications to check customer statuses and at the same time checking the latest Gmail email from an external office.

The most strategic way to counteract this phenomenon in organizations is to strike the right balance between the use of secure applications and the users' need to access data. Also using mobile device management tools without becoming a restrictive tool for users.

The five causes of enterprise mobile risk:

Although there can be many, here is a breakdown of the five most common causes of enterprise mobile security risks:

1. Passwords or lack of them
   
   The indiscriminate use of passwords, many of them repeated for different uses or simply easily vulnerable, allows anyone to quickly access corporate data on devices provided by the company.
   
   Here the strategy for the company and administrators is to require users to have minimum password complexity requirements. They must also ensure that users do not repeat security patterns between different devices and services installed.
   
   
2. Granting of unnecessary permits
   
   Applications downloaded on different devices from public stores always grant a level of permission to access certain data.
   
   Here you should review the appropriateness of giving this information freely since many times the application may be trying to infect the device with malicious software.
   
   
3. Ease of “sideloading”
   
   Sideloading is when users download applications outside of the official app store. In the case of Android systems, you simply check a box in the system settings to allow sideloading. iOS users often jailbreak their devices to load apps that are not from the Apple store.
   
   To prevent these security risks, anti-malware should be required on all Android devices and jailbroken devices should be banned.
   
   
4. Underestimating iOS vulnerabilities
   
   Whereas Android systems are usually the primary target of malware, iOS systems are also susceptible to attack. Spying malware or surveillance ware, for example, can bypass Apple's App Store and exploit app provisioning.
   
   
5. Updating of apps and operating systems
   
   Application updates are also synonymous with security. Criminals are always on the prowl and prefer to attack outdated devices as they leave unpatched security holes.
   
   
   

Check out our entire portfolio of products and services here and let us advise you on the best solution for your company