Lack of Mobile Strategy Creates Security Holes

How a security-focused mobile strategy can help organizations stay safe in their digital transformation efforts and beyond

The focus of many organizations’ digital transformation has been on mobile devices. Employees depend on their smartphones and tablets (and a multitude of apps) to conduct everyday business, from anywhere at any time.

However, even though mobile is now the heart of so many organizational digital transformations, too many businesses are actually failing with their mobile strategy, and that could be setting them up for security and privacy breakdowns, according to a new study from SOTI.

Ill-Equipped to Handle Data Leaks and Breaches

Respondents to the survey, “Racing Toward the Future of Enterprise Mobility,” said the biggest mobile threats they face today are data leakages (70% of those surveyed), data breaches (61%), phishing attacks (55%), mobile malware (54%) and malicious apps (47%). The study also revealed that 33% of enterprises arm their workers with mobile devices that are ill-equipped to handle these threats. The fact that 31% of survey respondents said they had experienced a data breach within the past two years is a proof point around their biggest security fears becoming a reality.

“One of the biggest mistakes organizations make is not doing a complete audit of all of their digital touchpoints to evaluate risks of data leaks and potential breaches,” said Shash Anand, vice president of Product Strategy at SOTI. “For example, content delivery to mobile devices should only be performed by trusted sources and that trust must be established ahead of time and validated regularly.”

Another mistake, he said, is that end users too often are free to visit any website, which creates opportunities for accidental downloading of malicious apps or code that can run on the device and share data with other systems. “Even email access on mobile devices requires trust, which is typically performed via security certificates that also need to be set up properly,” Anand noted. “Otherwise, you could run the risk of downloading attachments from hackers looking to penetrate the system.”

Digital Tartar

Anand said one of the more unique answers to the survey question on concerns around enterprise mobility cites “digital tartar.”

“This striking term effectively focuses on the ‘buildup of sensitive data in the nooks and crannies of file shares’ and ‘cloud storage that never gets deleted after it is no longer used,’” he said. “It is a concern that will no doubt continue to grow in line with the expanding mass of data being collected by all enterprises with a mobile and digital footprint.”

Another layer of digital tartar that is often forgotten in the mobile strategy is old devices. Older devices become the source of potential data breaches and leakages because they often don’t fill the gaps that newer devices do, Anand explained. Outdated equipment generally refers to outdated software and the capability to handle new updates.

“You also run the risk of integration with other systems. Fixing this problem is generally around awareness and education of the total cost of ownership of an organization’s devices’ life cycle and outlining risk mitigation strategies,” he said. “There is a false perception that updating devices and keeping them up to date is challenging for an organization, but with the right enterprise mobility and IoT management solution in place, organizations can address many of their concerns and keep both their data and devices secure.”

What Companies Need to Address in 2020

The reliance on mobile devices only going to increase as more employees prefer to use a smartphone or tablet to connect to the corporate network. That means the data on these devices must be secured as well as the communication to and from these devices. Otherwise, organizations run the risk of millions of security holes.

“Most organizations purchase technology that is a one-size-fits-all approach, without actually addressing their specific needs and plans to update devices accordingly,” Anand said. “Failure to tune in to updates can lead to issues down the line that go far beyond attempts to stay relevant and ahead of the competition.”

To address their mobile strategy in 2020, companies should create a comprehensive plan that prioritizes and mitigates these risks, and then align the process across all major stakeholders, including operational technology, IT and cybersecurity. This, Anand said, will harden mobile (and IoT) security and minimize the risk of data breaches.

Sue Poremba

Avatar photo

Sue Poremba

Sue Poremba is freelance writer based in central Pennsylvania. She's been writing about cybersecurity and technology trends since 2008.

sue-poremba has 271 posts and counting.See all posts by sue-poremba