Mobile has greatly increased the number devices that threaten enterprise organizations—large and small. Any device that touches a company’s mobile ecosystem can impact its security—including corporate-owned, employee, vendor and customer devices.
In addition to devices, user activity and actions on those devices significantly impact the overall health of an organization’s mobile environment. In fact, research by NowSecure revealed that 43 percent of smartphones don’t have a password, PIN or pattern lock on their device and 50 percent connect to unsecured Wi-Fi at least once a month. If that wasn’t scary enough for C-suite executives, 48 percent of mobile apps on any given device have at least one major security vulnerability that either leaks sensitive data or allows unauthorized access to sensitive data.
Protecting an organization from mobile threats requires being proactive, unrelenting and knowledgeable about the threat landscape and the solutions that work. Mobile devices require a different type of incident response and enterprise executives need to ask the right questions in order to prevent a devastating attack before it ever happens.
The mobile enterprise security experts at NowSecure have highlighted the 10 most important questions any manager or executive should be asking about how secure their mobile ecosystem really is and what measures they have in place to protect their mobile data and prevent attacks.
1. Do the apps you or your outside agency develop follow best practices for security?
2. Do you have visibility into the security of the mobile devices impacting your organization?
3. Is mobile security testing built in to your app development lifecycle?
4. How secure are the third-party mobile applications on enterprise-connected devices?
5. Are your employees trained on mobile security best practices?
6. Are there any restrictions in place to the kinds of corporate data that may be accessed by employees using their personal mobile devices?
7. Does your organization have a comprehensive mobile incident response strategy in place?
8. Does your mobile security strategy address the unique challenges of the technology, or is it really just a repurposing of your traditional computing security solution?
9. How do you keep up to date with of the latest known mobile security vulnerabilities?
10. What criteria and analytics do you use to perform quantitative mobile risk assessment evaluations?
Attackers are smart and will find ways to exploit even the smallest weakness. The prevalence of mobile devices and the sensitive data they often contain or have access to make them prime targets. Make sure you can answer these 10 questions for your organization to stay one step ahead of the bad guys.