Mobile business applications are game changers for companies. However, many businesses show reluctance when it comes to ramping up the number of mobile phones included in their device-asset portfolio because they are paralyzed over security worries. And then there are companies that do embrace mobile devices but do not think there’s a need for greater security because they believe ill-conceived ideas about safety. Together, we end up with a list of absolutely ridiculous mobile security myths — kind of like the myth that there are people who want to see another “Zoolander” movie!
Let’s debunk a few of these mobile security myths.
Mobile security myths #1: Mobile devices are basically thin clients — no encryption needed
A surprisingly large number of companies fail to acknowledge the need for mobile device security. The basic premise they believe is that mobile devices are just used as thin clients, so they don’t need a lot of encryption. However, considering the kind of sensitive information stored in mobile devices, that’s a bit of a loose assumption.
Sales notes, price lists, photos, contact lists, and a lot of sensitive information — you name it, and you have it in your mobile device. Field personnel use mobile devices pretty much for all the data transactions they need to do with their employers. Considering this, mobile device data encryption is highly relevant in these times.
Myth #2: Mobile antivirus software is an unnecessary expense
This is one of the most ridiculous myths going around in the mobile security space. Personal, professional, and enterprise users believe that because their mobile devices are so personal, they’re anyways protected, and don’t need an antivirus.
The big question to ask is — does the mobile browser not connect to the same Internet that cybercriminals use to execute their nefarious designs? Of course it does. And of course, you need an antivirus for mobile devices. Especially for companies looking to open up in terms of BYOD, it makes sense to put a mandatory antivirus rule in place for employees who execute enterprise work on their mobile devices, especially Android devices. iOS devices are less susceptible to malware, but as we have seen they are not immune.
This is about as sensible as not making another “Meet the Parents” movie!
Myth #3: Mobile devices are not necessary to be included in IT audits
Organizations commit a huge mistake when they choose to not include mobile devices in the scope of IT security audits. Even those who do often limit the audit scope to centralized monitoring and regulation of content downloaded on mobile devices.
However, it’s important to focus on security audits on mobile device use practices adopted by field personnel. For organizations that have endorsed BYOD, the need to clearly outline a thorough security audit plan for mobile devices can just not be ignored anymore.
Myth #4: Mobile devices are less secure than desktop devices
There’s this parallel wave mobile security myths that consider mobile devices as inherently less secure as compared to their desk-based counterparts. On the contrary, there are several aspects where mobile security is ahead of desktop security. For instance, the ability to remotely secure data, switch the device on, track its location, and trigger panic alarms and actions have been present in mobile devices for a long time now.
The data footprints of mobile devices are small because most of the data is saved on the cloud. Because they’re thin clients (unlike desktops, which have lots of data packed on hard disks and flash storage), mobile devices inherently have a less data-based attack surface. Of course, companies need to build on these security strong points instead of being complacent about mobile device security.
Myth #5: Wearables, what?
There was a time when a company’s field workforce would not have any wearable device. Today, it’s common for manufacturing companies’ employees to carry a lot of wearable technology products to work. Even employees with desk jobs can make use of wearable technology to do their work better.
A recent Tech Pro Research report suggests that wearable devices could be a growing security risk because less than 60 percent of these devices are secured. That leaves a large threat surface area for enterprises to cover up. So, adoption of wearable technology has to be accompanied with a sense of urgency in making it secure enough for business use.
Myth #6: BYOD = bring your own doom
Well, that’s the way it’s being slandered in some circles! Considering how we’ve tried to explain the importance of mobile device security in the workplace by debunking five mobile security myths already, it ought to imply that, in fact, mobile devices are risk-prone from a security perspective.
Well, not quite. Hundreds of global enterprises have put BYOD in place successfully and leveraged it to enable a remotely connected workforce. That’s possible by implementing firm IT security guidelines along with BYOD, coupled with strong monitoring, auditing, and filtering of the devices added to the network. Also, user training in terms of mobile device usage best practices is a necessity and helps make devices owned by employees as secure as enterprise-issued devices.
Myth #7: Monitoring and maintaining mobile security health is difficult
Well, this is one of our mobile security myths that also has some truth. Agreed, it’s not as easy as monitoring and maintaining desktops. However, there are several ways companies can build systems to help device operators manage mobile security on their own.
More importantly, enterprises can put practices and mechanisms in place to ensure that these devices are brought in the company network at least once every fixed number of days for all new security patches to be pushed into them. These incremental investments in mobile-specific security monitoring and maintenance will easily return your investment in terms of enabling more work to be done from remote locations.
Myth #8: Asset loss is a serious roadblock
Of course, mobile phones are more likely to be lost, misplaced, or stolen, as compared to workplace PCs and laptops. However, modern enterprise asset management systems are very robust and can track thousands of mobile devices without any issues at all.
For the asset management system, every device is just another entry in the database, so it doesn’t care whether you’re tracking a laptop or a mobile phone! A decent practice for enterprises to adopt is to have the means of deleting all data held in a mobile device via a remote command, in case the device is lost or stolen.
Advantages outweigh the disadvantages
Mobile devices have a lot to contribute to the modern workplace, and by debunking these ridiculous myths around mobile device security, we’ve attempted to give companies more reasons to speed up their mobile adoption game.
There are just too many advantages for mobile devices to use as an organizational strategy to ignore their capabilities.
Photo credit: Shutterstock