In our world today, smartphones have become an absolute necessity. Smartphones are now networked computers used to connect to company networks, data storage devices, navigational devices, sound and video recorders, and mobile banks used to facilitate communication and business transactions around the globe. This multitude of functions has made smartphones lucrative targets for cybercriminals seeking to plant malware and viruses (Aziz & Miah, 2019). Also, the ‘Bring Your Own Device’ (BYOD) policy implemented by various organizations comes with several benefits, including employee efficiency, increased workforce mobility, greater work flexibility, and reduced hardware cost. However, using personal mobile devices to perform work-related functions poses several security risks to the organization (Atanassov & Chowdhury, 2021). As a result, every organization must put in place measures to protect smartphones from malware and viruses in the same way it protects computers and laptops, in order to safeguard the larger network infrastructure. The following measures and security best practices could help in reducing the attack surface for mobile devices:
- Centrally manage mobile devices using a Mobile Device Management (MDM) solution like MobileIron. MDM is an effective way to provision, regulate, track and secure all portable devices connecting to an organization’s network. Software upgrades, fault management, and remote wipe capabilities of MDM are features that prevent data compromise, especially on lost or stolen devices.
- Use robust encryption algorithms like AES-256 to encrypt data stored within these devices, thereby reducing visibility into the devices that have access to the company network if a device is compromised or stolen.
- Use security software solutions such as endpoint detection and response (EDR) solutions to monitor mobile threats. These solutions provide visibility into the mobile threat landscape, helping the security team adequately monitor mobile devices and anomalies in user behavior that could point to an attack in progress.
- Ensure all mobile devices connecting to the network run on operating systems that are up to date.
- Make use of multifactor authentication to access mobile devices containing company data and connected to the organization’s network.
- Educate employees to refrain from connecting mobile devices to public Wi-Fi networks, and use training programs to build awareness of mobile security, security policy, and data protection.
- Organizations should restrict users from downloading unauthorized applications to mobile devices using various access control mechanisms.
The Role of Policy in Mobile Device Security
Given that mobile devices could be used by cybercriminals as entry points to the larger network, organizations must have in place policies and procedures that guide the use of mobile phones within the organization to bolster the organization’s overall cybersecurity posture. Policies like the acceptable use policy (AUP), a mobile device management policy, and procedures for downloading apps and performing technical updates to mobile devices must be established. The acceptable use policy is critical in ensuring mobile device security, as it outlines the baseline behavior required from employees as they use mobile devices. The AUP sets when and why employees can or cannot connect mobile devices to, or use them on, the company’s network. This policy is also used to prohibit or restrict the connection of mobile devices to public networks and Wi-Fi connections, and it provides an inventory of prohibited apps and sites that should not be visited. Mobile device management policies could set specific technical and software security requirements for devices that connect to the network and spell out the responsibilities and limitations on the use of mobile devices under the BYOD policy. On the other hand, enterprise-wide Mobile Device Management (MDM) solutions could be an efficient way to implement mobile device security policies, including the BYOD policy, and to evaluate their effectiveness (Batool & Masood, 2020). MDM solutions allow security administrators to control, secure and enforce mobile device policies.
References
Atanassov, N., & Chowdhury, M. M. (2021, May 14-15). Mobile Device Threat: Malware. 2021 IEEE International Conference on Electro Information Technology (EIT).
Aziz, M., & Miah, P. (2019). The Emerging Framework To Improve Mobile Phone Security System.
Batool, H., & Masood, A. (2020, July 6-9). Enterprise Mobile Device Management Requirements and Features. IEEE INFOCOM 2020 – IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).