Don t Lose the Data: Six Ways You May Be Losing Mobile Data and Don t Even Know It



Similar documents
Symantec App Center. Mobile Application Management and Protection. Data Sheet: Mobile Security and Management

Symantec Mobile Management 7.2

Symantec Mobile Management for Configuration Manager 7.2

Symantec Mobile Security

5 Must-Haves for an Enterprise Mobility Management (EMM) Solution

Best Practices for a BYOD World

How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications

Web Protection for Your Business, Customers and Data

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Top 5 Reasons to Choose User-Friendly Strong Authentication

Endpoint Protection Small Business Edition 2013?

The Symantec Smartphone Honey Stick Project

Symantec Mobile Management 7.1

Managing SSL Certificates with Ease

Symantec Mobile Management 7.1

DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention. symantec.com

Symantec Endpoint Protection

Is online backup right for your business? Eight reasons to consider protecting your data with a hybrid backup solution

10 best practice suggestions for common smartphone threats

SYMANTEC ENDPOINT PROTECTION SMALL BUSINESS EDITION

Bring Your Own Device (BYOD) and Mobile Device Management

Why Digital Certificates Are Essential for Managing Mobile Devices

BRING YOUR OWN DEVICE (BYOD) AND MOBILE DEVICE MANAGEMENT

How To Support Bring Your Own Device (Byod)

Athena Mobile Device Management from Symantec

Securing Corporate on Personal Mobile Devices

Securing mobile devices in the business environment

Symantec Endpoint Protection

Best Practices for Running Symantec Endpoint Protection 12.1 on the Microsoft Azure Platform

Kaspersky Security for Mobile

Mobile Protection. Driving Productivity Without Compromising Protection. Brian Duckering. Mobile Trend Marketing

PULSE SECURE FOR GOOGLE ANDROID

Security and Compliance challenges in Mobile environment

Data Protection Act Bring your own device (BYOD)

The Cost of Insecure Mobile Devices in the Workplace Sponsored by AT&T

How To Manage A Mobile Device Management (Mdm) Solution

Cybersecurity Report on Small Business: Study Shows Gap between Needs and Actions

{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com

Host-based Protection for ATM's

EasiShare Whitepaper - Empowering Your Mobile Workforce

Don't Wait Until It's Too Late: Choose Next-Generation Backup to Protect Your Business from Disaster

White Paper. Business Continuity and Breach Protection: Why SSL Certificate Management is Critical to Today s Enterprise

Guideline on Safe BYOD Management

Payment Card Industry Data Security Standard

Ibrahim Yusuf Presales Engineer at Sophos Smartphones and BYOD: what are the risks and how do you manage them?

Two-Factor Authentication

Conducting a Risk Assessment for Mobile Devices

Symantec Mobile Management Suite

SOLUTION BRIEF Enterprise Mobility Management. Critical Elements of an Enterprise Mobility Management Suite

Securing Patient Data in Today s Mobilized Healthcare Industry. A Good Technology Whitepaper

Extending Threat Protection and Control to Mobile Workers with Cloud-Based Security Services > White Paper

Use of tablet devices in NHS environments: Good Practice Guideline

2012 Endpoint Security Best Practices Survey

MTP. MTP AirWatch Integration Guide. Release 1.0

EOH Cloud Mobile Device Management. EOH Cloud Services - EOH Cloud Mobile Device Management

Bring Your Own Device (BYOD) and Mobile Device Management. tekniqueit.com

Document Sharing on Mobile Devices. Securing Productivity on the Go!

Bring Your Own Device (BYOD) and Mobile Device Management.

INFORMATION PROTECTED

Secure Your Mobile Workplace

Control Issues and Mobile Devices

Cyber Security Services: Data Loss Prevention Monitoring Overview

Yes MAM: How Mobile Device Management Plus Mobile Application Management Protects and Addresses BYOD

Solving the Online File-Sharing Problem Replacing Rogue Tools with the Right Tools

North American Electric Reliability Corporation (NERC) Cyber Security Standard

White paper. How to choose a Certificate Authority for safer web security

Internet threats: steps to security for your small business

Chris Boykin VP of Professional Services

Bring Your Own Device Mobile Security

Module 1: Facilitated e-learning

Closing the Vulnerability Gap of Third- Party Patching

Finding Security in the Cloud

Mobile Workforce. Connect, Protect, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite.

MOBILITY & INTERCONNECTIVITY. Features SECURITY OF INFORMATION TECHNOLOGIES

Symantec Managed PKI Service Deployment Options

ENTERPRISE MOBILITY USE CASES AND SOLUTIONS

BYOD File Sharing - Go Private Cloud to Mitigate Data Risks. Whitepaper BYOD File Sharing Go Private Cloud to Mitigate Data Risks

Samsung Mobile Security

Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite

Best Practices for Running Symantec Endpoint Protection 12.1 on Point-of- Sale Devices

Technical Note. ForeScout MDM Data Security

Symantec Backup Exec.cloud

Transcription:

WHITE PAPER: DON T LOSE THE DATA: SIX WAYS YOU MAY BE LOSING........ MOBILE....... DATA......................... Don t Lose the Data: Six Ways You May Be Losing Mobile Data and Don t Even Know It Who should read this paper CIO, CISO, VP IT Operations, Mobile Architect, Mobile Program Manager. This paper briefly reviews the top six threats to your mobile workforce, matching real-world hazards with really helpful ways you can take action and achieve the security your business requires.

Content Introduction........................................................................................................... 1 1. Device loss and theft................................................................................................. 1 2. Data leakage......................................................................................................... 1 3. Malware and malicious attacks........................................................................................ 2 4. Shared devices and passwords........................................................................................ 2 5. Jailbreaking and rooting.............................................................................................. 2 6. Wi-Fi and wireless snooping........................................................................................... 3

Introduction When your workplace is mobile, will your business get carried away? The mobile devices your employees love to use on their own time have now also become the business tools they use on your dime. Our recent research tells the story: 65 percent of our surveyed companies give employees network access through their own devices; 80 percent of the applications these employees use are not based on-premise, but in the cloud; and 52 percent regularly use, not one, but three or more devices. Sure, these mobile devices including smartphones, laptops and tablets open up new opportunities for portable productivity. But by their very mobile nature, they also open new vulnerabilities: new ways to lose data, lose protection and lose confidence in the security of your company network. Fortunately, productivity and protection can travel together if you fully understand what the risks are and what you can do to mitigate them. This paper briefly reviews the top six threats to your mobile workforce, matching real-world hazards with really helpful ways you can take action and achieve the security your business requires. 1. Device loss and theft The most obvious risk is often met with the most obvious response: anticipate replacing lost devices. But many working devices are owned by the employees themselves the "bring your own device" phenomenon. More importantly, it's what is on the device, not the device itself, that truly matters. Every lost device is a potential portal to your company's applications and data. Think we're overstating the issue? In 2012, we put our concerns to the test. In a project we called, "Operation Honey Stick," we "lost" ten smartphones in each of five major cities: Los Angeles, San Francisco, Washington D.C., New York City and Ottawa, Canada. Every phone was loaded with simulated corporate data and applications, and then abandoned in high-traffic areas. In the plus column for humanity, attempts were made to return half of the 50 phones. But from there, the numbers reveal a much bleaker picture of human nature. On 89 percent of the devices, attempts were made to access personal apps or data which suggests that even the erstwhile do-gooders were tempted to do some bad. A total of 83 percent showed attempts to access corporate-related apps or data. A "saved passwords" file was accessed on 57 percent of the phones; on 49 percent, finders took a poke at a "Remote Admin" app that simulated access to the corporate network. Lesson learned: instead of focusing on lost devices, companies need to protect sensitive data that could be potentially lost. Basic device management must be complemented with policies for app and data protection. At one level, this means having the ability to quickly locate lost devices and perform remote data wipes; for protection at a deeper level, businesses should secure apps and encrypt corporate data on the move. 2. Data leakage Much has been said about threats from "malevolent insiders" who deliberately seek out and share confidential business information. But the greater threat may be from benevolent, well-intended employees who use cloud-based services, such as email and online collaboration tools, to simply get more work done more quickly. On the ever-evolving pathway toward greater ease of use (also known as: "consumerization"), employees feel comfortable working with applications designed for the convenience of consumers, not for the security concerns of corporations. 1

But once in the cloud, your business data may be beyond your control. The popular file-sharing and document editing programs employees like usually lack the access and authorization protocols businesses need for data protection. Without deliberate controls, data can "leak" out of the corporate IT sphere and into the less secure world of risks Appropriate app and data protection must take a two-pronged approach to security: 1) enforcement of an application blacklist that prohibits access to non-approved applications; and 2) deployment of controls that prevent business data from being copied, pasted and/or otherwise shared via online applications. Relevant app and data protection capabilities include: App-specific authentication Data encryption Copy/paste blocking Disabling document sharing Blocking access to modified (rooted or jail-broken) devices 3. Malware and malicious attacks In hard numbers, many more malware attacks threaten PCs than mobile devices. But the amounts of attacks on mobile devices are growing at a much faster rate. While traditional IT professionals are not paying much attention to mobile malware, the bad guys see mobile as their next big growth opportunity. At risk: identity theft, information exposure and data loss incurred by malicious attacks from trojan horses, monitors, and malware hitchhikers. Of these, the biggest threat may be "spoofed" apps; under the camouflage of a popular game or application, and the lure of a free download, these apps sneak malicious code into the device that can skim money from accounts or extract data from business networks. So-called "security" freeware lacks sufficient brawn and brains to address constantly mutating malware and ever evolving efforts to break business data barriers. Truly effective threat protection must account for the variations in risk profile among different platforms, and apply coordinated action to secure business assets against external attacks, rogue apps, unsafe browsing, and even poor battery use. 4. Shared devices and passwords According to recently published studies, near half of all employees share their devices with friends and family; another 20 percent share their passwords. Unfortunately, casual sharing of accounts represents the majority of workforce security breaches. Protecting mobile devices means much more than applying a screenlock. Before users can access business data and applications, it may be prudent to authenticate their identities. Consider applying a two-factor approach to authentication the key to successful user and app access management, and app and data protection that combines something the user knows (like a password) with something the user has (such as a token, a fingerprint or a retinal scan). 5. Jailbreaking and rooting In a BYOD world, it's easy for an employee to introduce a "jail-broken"/"rooted" device into the corporate environment. Such device modifications can circumvent security protocols, uninstall security features, and open access to previously protected file systems and data controls. 2

Businesses need to apply device management policies that apply consistent standards for configuration and security across all devices, whether they are owned by the company or the employees. Devices that have been modified should be identified and denied access to protect the corporate network. 6. Wi-Fi and wireless snooping If it's "free," it's probably fake; any hot spot that conspicuously calls itself "free" is likely to be fishing for data on the move. Users often do not recognize their vulnerability, and companies have no control or visibility into 3G, 4G and 4G LTE channels. Complete app, data, and device management policies should protect at two levels: Communication, such as corporate email, through secure SSL or VPN connections Encryption of corporate data when it is in transit and at rest within mobile devices To learn more about enterprise mobility that offers complete protection without compromising the user experience, visit http://go.symantec.com/mobility. 3

About Symantec Symantec protects the world s information, and is a global leader in security, backup, and availability solutions. Our innovative products and services protect people and information in any environment from the smallest mobile device, to the enterprise data center, to cloud-based systems. Our worldrenowned expertise in protecting data, identities, and interactions gives our customers confidence in a connected world. More information is available at www.symantec.com or by connecting with Symantec at go.symantec.com/socialmedia. For specific country offices and contact numbers, please visit our website. Symantec World Headquarters 350 Ellis St. Mountain View, CA 94043 USA +1 (650) 527 8000 1 (800) 721 3934 www.symantec.com Copyright 2013 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. 1/2013 21283507

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information