Companies sacrifice security for mobile convenience, survey finds

Ninety-three percent of organizations recognize that mobile devices present a serious and growing security threat, yet many organizations are failing to take even the most basic precautions, according to a recent report by Verizon.

Almost a third of respondents even admitted to having sacrificed mobile security to improve expediency and/or business performance.

“I think they agree it’s a threat, however they’re probably not as comfortable with the precautions they need to be taking,” says Justin Blair, executive director of business wireless services for Basking Ridge, New Jersey-based Verizon. “There’s a level of awareness that needs to be raised about what are the best practices and how to easily implement them.”

Malware, ransomware and device theft or loss emerged as the top threats that companies are concerned about, and are most likely to cause incidents, according to Verizon’s 2018 Mobile Security Index.

Malware is suspicious software that can infect a device, says Gary Davis, whose title at Santa Clara, California-based cybersecurity company McAfee is chief consumer security evangelist. Ransomware is a type of malicious software that takes over a device until a ransom is paid.

McAfee Labs detected more than 16 million mobile malware infestations in the third quarter of 2017 alone, nearly double the number it saw a year earlier.

Many of these threats can be avoided with some simple education and precautions, Davis says.

First, have your employees download a virtual private network (VPN), which establishes an encrypted channel between your device and the internet, he says. Also encourage them to use unique passwords and pins on their device, he says, noting some people disable these functions.

Only one in seven companies surveyed had four basic security practices in place, including changing all default passwords and encrypting data sent over public networks, Blair says.

Only 49 percent of firms have a policy regarding the use of public Wi-Fi, and only 47 percent encrypt the transmission of sensitive data across open, public networks, according to the Verizon report.

Beyond transmitting data across secure networks, another best practice is to update your apps and encourage employees to do the same, says Adam Schwam, president of Farmingdale-based Sandwire Corp., an information technology firm.

“You’re supposed to update them regularly because there could be security holes in them,” he says.

Still, with so many companies allowing or requiring employees to use their own devices, it gets harder to control what employees do with their phones, he says.

It may pay to issue company-owned mobile devices because they give you greater control from an application standpoint, Schwam says.

“If companies do provide a phone, they have the ability to control everything,” he says.

William Collins, president of NST Inc., an East Northport IT services company, understands this, and that is why he issues his employees their mobile devices.

He also uses mobile device management software that allows him to wipe clean a potentially compromised device, stop emails, etc.

“It helps protect intellectual property on the phone if an employee leaves or it’s stolen,” Collins says.

Beyond that, it pays to have mobile device policies in place, says Shari Claire Lewis, a partner in privacy, data and cyber law at Uniondale-based Rivkin Radler LLP.

This policy should include a requirement that a device be protected by a “robust” password that is changed frequently and that the company has the right to wipe out the contents of the device under certain circumstances, she said.

In terms of best practices, it also pays when dealing with confidential or proprietary information that employees not sign into unprotected public Wi-Fi, Lewis says.

Policies, of course, may vary depending upon the firm.

“Your mobile standards require a reasonableness approach that takes into account the sensitivity of the data you’re accessing and the circumstances in which you access it,” she says.