todd

Part 2: Strategies for Securing Mobile Devices in a Cloud-based World

Part 2: Strategies for Securing Mobile Devices

With workplace mobility now a way of life and companies investing in cloud-based apps more than ever, security is moving beyond the four walls. Just a few years ago, you could rely on firewalls and endpoint security to protect your assets. Today, protection of employee passwords and related authentication solutions are the key to any cloud-based organization’s security.

In the article, Part 1: How Cloud Apps are Making Business More (and Less) Secure, I covered some of the ways cybercriminals are targeting mobile workers with proximity-based, phishing, and malvertising and malware attacks. Now, I’d like to address what a cloud-based mobile device security strategy should look like.

Mobile Worker Security Strategies

Avoid public Wi-Fi: Company VPNs that give employees secure access to their company network and data are a far better option than public Wi-Fi networks that can be the target for hackers setting up a fake network service.  Free Wi-Fi hotspots from both AT&T and Comcast Xfinity have been targeted in the past and put users at risk of having their login credentials stolen via a proximity-focused attack.  Make your secure VPN the first choice for remote workers or have them use their cellular service.

Implement two-factor authentication: This is an extra security measure in which you set up another way to log into an app besides entering a password. Typically you have to enter a code that the app texts via SMS or the phone app. This makes stealing a user’s password worthless. Cloud-based services like Google’s G Suite and Microsoft’s Office365 support two-factor authentication that is simple to put in place. You just need to make sure you enforce it for all of your employees.

Two-factor authentication helps with both proximity attacks and phishing attacks because it gives users an added layer of protection against being hacked by attackers who have managed to steal their credentials. We find that the majority of phishing victims are reusing the same weak password on multiple sites and do not have any additional authentication method.

Expand your user education program: To help avoid phishing attacks, you should train employees to not click on suspiciously formatted emails or unfamiliar links or download unknown apps no matter what device they’re using. Ensure your education program has some focus on phishing e-mails that redirect users to the app store for their device. Be especially wary of those e-mails offering free versions of paid apps. It’s almost always a scam.

Invest in malware protection:  The mobile device malware infection rate reached 1.35 percent in October 2016, which was the highest recorded since Nokia started its global Threat Intelligence Report in 2012. Smartphones were the top target and phishing was the number one vector. The best defense against malware on mobile devices is the same as with computers. Invest in anti-malware software to stop phishing clicks, downloads of malware, and active malware communication.

Automate software updates: Your IT team should also make sure employee mobile devices are updated as frequently as possible with software patches and systems updates. Don’t say no or I’ll do it later. Do it now.

IT managers can take an active role in security for mobile and bring your own device (BYOD) initiatives by following these simple guidelines above. Don’t trust the security of your organization to your employees.

By Todd O’Boyle

Todd O’Boyle

Todd is a co-founder and CTO at Strongarm, an Allied Minds company. Prior to Strongarm, Todd spent 15 years at The MITRE Corporation, providing technical support to the Department of Defense and the Intelligence Community. He also served as principal investigator for a project developing methods to improve how operators respond to adversaries.

Todd has a Bachelor of Science, Computer Science from Purdue University.

View Website
Cloud Migration and Cyberwar

Cloud Migration and Cyberwar

Cyberwar Concerns This last week the Washington Post published a bombshell story on the recent attacks on the US election infrastructure ironically under their motto “Democracy dies in darkness.” On the Vidder blog Thursday I said that ...
How artificial intelligence and analytics helps in crime prevention

How artificial intelligence and analytics helps in crime prevention

How Artificial Intelligence Helps Crime Prevention According to a study released by FBI, there is an annual increase of 4.1% in violent crimes and 7.4% in motor-vehicle thefts in the United States in 2016. Despite ...
Safeguarding Data Before Disaster Strikes

Safeguarding Data Before Disaster Strikes

Safeguarding Data  Online data backup is one of the best methods for businesses of all sizes to replicate their data and protect against data loss in the event of an IT outage or security incident ...
Avoiding the IOT ‘Twister’ Business Strategy

Avoiding the IOT ‘Twister’ Business Strategy

IOT ‘Twister’ Most organizations’ ‪ IOT Strategy look like a game of ‪ ‘Twister’ with progress across important IOT capabilities such as architecture, technology, data, ‪ analytics and governance; variables comprising a series of random investments and decisions. There is something ...
Best Practices in Disaster Recovery and Business Continuity

Best Practices in Disaster Recovery and Business Continuity

Best Practices in Disaster Recovery Hope for the best, prepare for the worst, and expect to be surprised. While that bit of proverbial wisdom certainly isn’t new, it seems almost tailor made for anyone dealing ...
The Lighter Side Of The Cloud - Easter Egg Hunt
The Lighter Side Of The Cloud - iPatch
The Lighter Side Of The Cloud - Due Diligence
The Lighter Side Of The Cloud - Whatever Happened To Alone Time?
CloudTweaks Comic
The Lighter Side Of The Cloud - Passwords
The Lighter Side Of The Cloud - Once A Year
The Lighter Side Of The Cloud - Really Smart Machines
The Lighter Side Of The Cloud - Recovery Experts

CLOUDBUZZ NEWS

Kaspersky Lab to open Swiss data center to combat spying allegations

Kaspersky Lab to open Swiss data center to combat spying allegations

LONDON (Reuters) - Moscow-based Kaspersky Lab plans to open a data center in Switzerland by the end of next year to help address Western government concerns that Russia exploits its anti-virus software to spy on ...
Worldwide Services Revenue Posts Steady Year-Over-Year Growth in the Second Half of 2017, According to IDC

Worldwide Services Revenue Posts Steady Year-Over-Year Growth in the Second Half of 2017, According to IDC

FRAMINGHAM, Mass. May 15, 2018 – Worldwide revenues for IT Services and Business Services totaled $502 billion in the second half of 2017 (2H17), an increase of 3.6% year over year (in constant currency), according to ...
Security in the Cloud—A Little Known Advantage, Actually

Security in the Cloud—A Little Known Advantage, Actually

Okay, I’ll go ahead and say it: Public cloud infrastructures are more secure, and the security is more cost-effective, than the majority of on-premises data centers. That should get the blood flowing. With the word ...