Rethinking Endpoint and Mobile Security for Remote Workers
With growing enterprise mobility requirements plus higher
numbers of remote workers, properly securing mobile and remote users is causing
IT security teams to rethink their endpoint security strategies.
VPN tunneling enables remote users to benefit from most
perimeter protections. However, full-time VPN enforcement can be difficult.
Users may not always follow VPN usage guidelines. And in mobile BYOD
environments, it can be even more challenging. Personal devices may not even be
set-up for VPN access, users may use unsecured WiFi networks, and they typically
use mobile devices for both corporate and personal purposes.
Special “secure” web proxies are another option for
protecting remote workers. But most organizations find deployment and
enforcement challenging for similar reasons as for VPN tunneling, especially on
BYOD mobile devices. Web proxies also bring their own set of security, user
privacy, and latency concerns.
The most commonly deployed security option for remote
workers has traditionally been endpoint anti-virus or NextGen AV (NGAV)
solutions. But endpoint security for laptops is focused on malware protection
and offers little in the form of anti-phishing protection; that is, protection
from file-less social engineering attacks designed to exploit users rather than
the devices themselves. For the latter, most organizations use a variety of
email security solutions. These certainly help reduce the number of phishing
emails remote users see in their inboxes, but they do nothing to protect users
from targeted phishing attacks in personal email, social media, ads, rogue
browser extensions, messaging platforms, and more.
For users on mobile iOS and Android devices, the
situation is worse. The vast majority of mobile devices have no special
security protection other than the protections natively built into iOS and Android,
along with their respective app store vetting processes. Safe browsing
protections on mobile are also just a fraction of those on desktop browsers.
Fortunately, truly malicious mobile malware is still quite rare. Unfortunately,
mobile phishing is rampant. According to at least one mobile threat defense
vendor, mobile users are 18x more likely to encounter a phishing threat than
malware. There are also additional phishing attack vectors such as SMiShing
which are largely unprotected. And with smaller screens and information
layouts, important clues such as full URLs are typically hidden, making it
easier to phish mobile users.
Protecting Remote Users from Phishing
So, if traditional endpoint and email security solutions,
network access, and built-in safe browsing protections aren’t enough to protect
remote workers, what now? Time to get purpose-built, remote user
phishing protection onto mobile and remote workers’ machines.
Recently, we introduced new solutions to address these
key security issues. Our Mobile Phishing
Protection solution comes if the form of lightweight, cloud-powered
apps that protect iOS and Android users. And for Windows, MacOS, Chrome OS, and
Linux users, we offer Browser Phishing
Protection for Chrome, FireFox, Safari, and Edge browsers. These lightweight,
cloud-powered browser extensions augment endpoint security solutions to provide
multi-vector, multi-payload phishing protection. These endpoint and mobile
security products are easily deployed and managed with leading Unified Endpoint
Management (UEM) solutions or with SlashNext’s own Endpoint Management System.
To find out how you can protect your remote workforce
from the growing number of sophisticated phishing and social engineering threats,
contact us and request a demo
today.
*** This is a Security Bloggers Network syndicated blog from SlashNext authored by Lisa O'Reilly. Read the original post at: https://www.slashnext.com/blog/rethinking-endpoint-and-mobile-security-for-remote-workers/
