How to mitigate risks of agile working with Mobile Device Management
What to consider...
UK organisations now rely on some form of digital communication or services. Yet, the challenge of protecting data may seem like an ever-more daunting one. Consider these three key questions:
What happens when devices are lost or stolen?
Is your firm’s data secure on these devices?
How do you prevent unauthorised access to data from devices?
Get it wrong and you could face ransom payments from cyber criminals. Or, large fines for regulatory breaches from the Solicitors Regulation Authority.
Mobile Phone Cyber Security
A Secure Environment for Mobile Devices
The most successful strategies deliver three core benefits:
- Measurable ROI in months, not years. Whether managing the firms or employee-owned devices, an agile working strategy is a good opportunity to realise expenditure savings. Furthermore, employees who are encouraged to use their own mobile devices will save having to purchase often expensive alternatives. Easily transfer more of your data traffic onto Wi-Fi networks, thereby cutting the cost of your monthly mobile data plans.
- More satisfied and productive employees. Employees who have the ability to connect to the firm’s network from anywhere can take advantage of dead-time. Such as, the twice-daily commute and time between meetings to complete work-related tasks. Research suggests, mobility strategies can increase employee productivity by as much as 23 percent.
- Simple and highly-secure access to client data and applications. Building a strategy helps you control and manage mobile use so employees use mobile devices more securely. For example, using pre-configured Wi-Fi networks. The monetary value of this approach cannot be overstated.
What sensitive information is my attacker privy to?
Most mobile phone fraud involves a variety of scams targeted at the general public. For example, these either persuade you to buy phone-related products or to make phone calls/texts to premium services by accident; or to unknowingly sign up to expensive subscription services. However, these can be very costly to you as an individual or your firm and it’s important yourself and staff are aware of them all. If your mobile phone is hacked, are you aware of all the sensitive information your hacker is privy to?
- Access your calendar and know when and who your meetings are with
- Turn on the mobile device recording function to listen in on boardroom meetings, sensitive case discussions, merger/acquisition talks
- Activate the camera to take pictures or videos
- Read browsing activity and any user names and passwords entered into sites
- Export contact lists with call and text history
- Forward emails/texts sent to or from your device
- Access phone calls and voicemails
- Track partner/senior staff location at anytime via GPRS
Does this sound like you?
Imagine this:
You’re early for a meeting so you go to a coffee shop to check and send a few emails for 30 minutes. After looking at the WiFi networks available and identifying one with a strong signal, has a similar (or the same) name as the coffee shop, is free of charge and open – you log on right?
You believe you’re interacting with a known entity, like a website. This is when the breach of your mobile device happens as you connect to an attackers WiFi hotspot they have created. In conclusion, hackers then eavesdrop, intercept and alter traffic between two devices.
Did you know 1 in 4 WiFi hotspots are open to attack?
Next time, you may wish to check behind the counter for the exact name of the WiFi which should be password protected.
Top 5 Mobile Scams to Warn Employees About
Missed Call Scams
Your phone registers a missed call. You don’t recognise the number, so you call it back. Although most of the time the call will be perfectly above board, you may be redirected to a premium rate service which can cost up to £15 per call.
Recorded message scams
The number you’re asked to call back may be a recorded message telling you that you’ve won a prize, and giving you another number to call to and claim it. But this second number may be a premium rate one. Also, your prize may be nothing more than a ring tone subscription which can also be fraud!
Text message scams
You’re sent a text from a number you don’t recognise, but it’ll be worded as though it’s from a friend. For instance: Hi, it’s Peter, I’m back! When do you want to catch up? You call it back, thinking you’re doing them a favour by telling them they’ve got the wrong person. This results in you being charged a fortune for a premium rate call. Or you may text back and end up engaging in a lengthy SMS exchange. You find out that you’ve been charged high rate for your texts (and sometimes for your received texts as well).
Ring tone scams
These scams might attract you with an offer of a low-cost ring tone. By accepting the offer, you’re actually subscribing to a service that will keep sending you ring tones. They will also charge you a premium rate for them. There are many legitimate companies selling ring tones, but there are also fraudsters who will try to hide the true cost of taking up their offer.
Phone insurance scams
If you’ve bought a new mobile phone, a fraudster may call you to sell you phone insurance. They will make out as though they are calling from the shop where you bought it from, or from your mobile phone network. At best, you end up with poor quality phone insurance or, at worst, none at all.
Mobile Device Management Solutions
Mobile Device Management for Bring-Your-Own-Device (BYOD)
Whether part of your employee handbook or not, elements of bring-your-own-device (BYOD) initiatives are commonplace. For example, if you use Office 365 or Google for your business email, the chances are some of your most eager employees have tried to access it from their personal devices. While unmanaged, a stolen device could represent one of the biggest threats your organisation may face. A good mobility strategy should consider mobile device management privacy.
What does Mobile Device Management do?
This software does exactly as its name implies. Firstly, you can decide which mobile apps can be white & black-listed i.e. what can and can’t be downloaded and keep track of all the mobile devices in your firm. This enables enhanced mobile security.
Should any mobile devices be reported missing or lost, remotely locate, lock and wipe the device. Thus, protecting the integrity of firms data that has accompanied the mobile device. Manage what company data mobile devices can access and ensure you have the capability to separate the firms’ data from personal data. Extremely useful should you be currently exercising, or plan to initiate, Bring Your Own Device (BYOD) across the organisation.
Take advantage of a free 30-day trial for Mobile Device Management. Click here to register.
Why is Mobile Device Management Important?
When considering flexible working, a mobile device management solution is a must-have. Your chosen solution should give you visibility and a level of control over all device types. Whether they’re mobile phones, tablets or laptops. Managing devices with different operating systems may sound like a minefield. However, the right solution will automatically configure devices according to your security policies. Whilst ensuring that devices remain compliant before accessing your network.
Support Legacy Systems
Ensure your chosen solution provides support for legacy systems. While most solution vendors are proud to support the latest operating systems, there are many larger firms that still rely on legacy systems for various reasons. To ensure consistency of your security policies, and reduce the workload of its management and enforcement, choose a single solution that lets you uniformly manage all assets accessing your network.
Mixed Device Ownership
Users may own and use multiple mobile devices to access the firm’s data. Your solution should allow you to set up user and group-based compliance rules. That will help your bring-your-own-device strategy to succeed. If your firm has a mixed device ownership model, you might want to create separate rules for your corporate devices and those owned by your users.
Location Based Compliance
In addition to user-based rules, you should consider automatically enforcing policies based on the location of a device. For example, if you supply regulated services, you may be required to disable smartphone cameras or screenshot functions, to prevent card details from being written down or stored. Use advanced rules to enforce restrictions by location and allow full use of device features offsite to drive user adoption.
Top tips to protect employees from mobile device fraud:
- Set up a password on your phone or tablet including voicemail access.
- Never store personal details like passwords in texts or emails that are accessible.
- Ensure a company policy states all staff must inform a senior partner immediately should they be unable to locate any mobile device. Inform suppliers immediately, unless you have MDM software, as they can blacklist and deactivate it remotely. Ensure staff change all passwords for online accounts accessed through the device immediately (e.g. online banking).
- If you visit a website through your mobile or tablet and the URL looks suspicious, close it down straight away.
- Don’t respond to unrecognized numbers of a missed call or text requesting a response.
- Ensure you get indemnity certificates on every device when disposing of your mobile devices. This will provide the security they have been wiped. It can also provide protection of a large sum of money should your firms mobile devices fall into wrong hands.
- Be extra vigilant when you have an upgrade due or your contract is near its end. This is a key time for fraudsters to target your mobile phone account with fake contract and insurance deals.
Mobile Device Management Policy
Mobile phone security policies are imperative in your workplace and as a firm, you are continually coming under greater pressure to make more profit. Partners and staff are being measured in greater detail to deliver profits in their department and maximise billable hours therefore, they will look at all resources available. Management and staff will start to take matters into their own hands to help them do their jobs more efficiently.
Findings from a Forrester Employee Survey discovered:
- 16% of employees admitted they would install unsupported software
- 22% would use a website or Internet-based service that their company doesn’t support
- 35% would buy something with their own money if it helped them achieve targets
In addition to the requirements of your own agreements, there are many regulatory frameworks across the United Kingdom which mandate operational policies & processes. For instance, depending on the size of your firm, you may already have appointed employees responsible for certain obligations; such as a Data Protection Officer with GDPR… usually the COLP. When planning a flexible working strategy, it is important to engage with and collect feedback from key stakeholders across the firm. This ensures your mobility strategy adheres with all requirements.
Personal information and your mobile phone
Analysts at Gartner have predicted that by the end of 2019, one-third of reported malware will come from mobile devices. Unexpectedly, for flexible workers using mobile devices that access your network, the biggest risks come from malicious software and content-based attacks (such as viruses hidden within Excel spreadsheets). At a minimum, the most effective way to mitigate these risks is to ensure all applications are regularly updated and an anti-malware product is installed on devices where necessary. However, we highly recommend that you chose a solution that follows the GCHQ’s twelve principles for securing devices and most importantly will:
- Detect devices that have been jailbroken or rooted
- Alert users when malware is detected
- Uninstall infected applications or wipe devices
- Block ransomware apps that take control of devices
About Matrix247 Mobile Device Management
Across all industries, thousands of organisations trust IBM MaaS360 with Watson as the foundation for their digital transformation. It’s no surprise, because its the industry’s first and only cognitive unified endpoint management (UEM) platform. This delivers AI, contextual analytics and strong security controls across users and devices. Delivered from a best-in-class IBM Cloud on a trusted platform, MaaS360 helps to manage mobile security for a wide variety of devices. Consequently, this helps users provide integration with solutions from Apple, Android, Google, Microsoft and other suppliers of management tools. IBM works with these suppliers to provide integration and to ensure that integration can occur as soon as new tools are available.
Complimentary Professional Risk Assessment Review
Matrix247 will forward to your organisation a FREE comprehensive report which will identify all the potential risks across existing telecoms and mobile devices within your own organisation.
To sum up, we will identify all existing threats, whether the risk to your firm is high or low, based upon consequences and who would be affected. We will also look at what existing equipment and software you currently own that can be leveraged to assist in backing up and if there are specific solutions or advice we can share to remedy high-risk threats, we will also include these.
