EMM & Endpoint Security for Mobile Users

During the pandemic, more and more virtual meetings and telework arrangements made mobile devices more popular than ever.  These mobile users are accessing business networks, proprietary data, and more.  This type of usage increases an organization’s overall digital footprint, thereby increasing the need for added security to protect that digital information.  Enterprise Mobility Management (EMM) systems are an important strategy to consider.  In this article, we provide tips for enhancing endpoint security for mobile users.

Do Mobile Devices Have the Same Security?

According to the National Institutes of Standards and Technology, “mobile devices bring unique threats” to an organizations data and the enterprise as a whole.  Mobile devices are susceptible to mobile malware and vulnerabilities, apps that run in the background, and must be approached differently than desktop devices. Federal enterprises in particular, “need to institute the appropriate policies and infrastructure to manage and secure mobile devices” to comply with federal guidelines and requirements.

Enterprise Mobility Management (EMM) Systems

EMM systems are a comprehensive approach to address mobile devices in an enterprise environment for organization-issued and personally-owned mobile devices.  EMM systems typically include:

1. Controlling access to enterprise resources.
2. Establishing a mobile device policy and performing periodic assessments to ensure compliance.
3. Addressing specific conditions in which the mobile device is accessing those resources, such as public WiFi networks.
4. Evaluating apps and libraries, prior to deployment and throughout the lifecycle of the app, to scan for vulnerabilities or malicious code.
5. Keeping mobile operating systems and apps updated.

Not only should businesses consider employing a formal enterprise mobility management strategy, but these strategies should also be reviewed and updated often.  Mobile threats change daily, so too, should the organization’s EMM systems.

Device Theft & Loss

What happens when a device is lost or stolen?  What is the protocol to report the incident and what processes are in place to de-authenticate the device and remove any stored data and files?  Sensitive data can be stored in text, email, or other apps which place the organization at a high level of risk.  Procedures should be implemented to immediately wipe the device, invalidate future access, and notify the IT or technology provider.

Networks & Audio Data

While the mobile device itself may be adequately protected using many of the above listed protocols, the network that the device accesses may be another high area of vulnerability.  Bluetooth, WiFi, wearables (Apple watch, wireless headsphones, etc.), and cellular networks transmit audio, voice, and data.  These networks are particularly susceptible to wireless eavesdropping and Man-in-the-Middle (MitM) attacks.  Special considerations must be employed to train and educate users to protect all data, including audio and information transmitted over untrusted networks.

As you can see, endpoint security for mobile users and their devices can be complex.  An enterprise mobility management system can be complex.  For many organizations, outsourcing mobile security to organizations who focus on these tasks, is often a more productive way to address these complex issues.  If your organization is concerned about endpoint security for mobile users, the technology experts at Conscious Networks can help!  Schedule a consultation.

Source:  Guidelines for Managing the Security of Mobile Devices in the Enterprise:  A Special Report from the NIST:  NIST SP 800-124 Rev. 2, Guidelines for Managing the Security of Mobile Devices in the Enterprise