As CISO and Head of Mobile Security at Mobile Mentor, I spend a lot of my time working with customers around policies and configurations relating to Mobile Device Security. As it’s ‘Cyber Security Week’ in New Zealand, I thought I would share three ways in which we work with customers to ensure they are mitigating risks around their mobile fleet.
Patch and Protect
Ensuring your devices are running the latest security patches is the single most effective way to secure your fleet. It’s really that simple.
Every time a vulnerability is identified, device manufacturers work around the clock to patch it as fast as they can. Older operating system versions have a whole host of vulnerabilities. Known vulnerabilities are patched with the latest updates. Keeping your fleet updated – Windows 10, iOS, MacBook, Android – should be high on your to-do list.
If your devices are not updated to the latest version, it’s likely some hacker is busy trying to work out how to make the most of these vulnerabilities, and your devices are their target. From what we have seen it’s not random – while you are fast asleep they have worked out who your executives and finance team are, and they will be the first targets. The threat is real and your business is not exempt.
Using multi-factor authentication is another effective way to protect your fleet. If you are a Microsoft 365 customer, use Microsoft MFA; if you use Okta, Ping, Duo – great – make sure it’s deployed, and make sure your systems can only be accessed with multiple layers of authentication. Then sleep easier.
Visibility of Threats
I have not been the biggest advocate of Mobile Threat Management. As a manager of an IT department I’m not a huge fan of additional licensing costs, but the reality is hackers have gotten smarter – they know mobile devices are connecting to insecure networks, downloading dodgy apps and browsing ad hoc. Companies like Lookout and Zimperium are leading the field in technologies to get in front of these threats with their Mobile Threat Defense products.
When Mobile Mentor first launched our Mobile Threat Management Service in 2014 it was passive – looking at apps deployed, making sure there were no detected threats and performing mitigating actions if something was detected. Things have changed significantly in the last year – we can now detect app threats, network threats and phishing attacks as they are happening in real time. One of our customers intercepted a man-in-the-middle attack against one of their executives as it was happening. We were able to shut down the threat in minutes. That’s cool stuff right there!
This is probably the most difficult to deploy. As a Mobile Security Specialist I spend a lot of my time talking to customers about the balance between Mobile Security and User Experience. Too much security ends up with devices in drawers – unusable. Too little focus on data loss protection ends up with insecure data and poor security practices. It’s a very fine line!
To be very transparent – there is no right answer. As a CISO I am responsible for making sure I am doing the best I can do to ensure my company and the services we deliver to our customers are following best security practices, that we are securing our customers’ data in the best possible way. I have an awesome team that works to ensure we are doing best by our customers. This is not a one-person job; there is no room for heroes. It’s a team effort and it never ceases. Don’t underestimate the complexity and constant change that is happening around device security.
Mobile Mentor is celebrating our 15th anniversary in November. It’s a very exciting time for us – we work hard to ensure our customers are protected, informed and empowered against today’s mobile threats. Please get in touch if you are interested in working together!