Evolving Requirements of BYOD Management - A Whitepaper

How are mobile devices being attacked?

Attack vectors can be classified into three major categories:

  • Monokle

    Surveillanceware that can log keystrokes, record the screen, etc.; installed via infected apps.

  • Agent Smith

    Mobile malware that replaces legitimate apps with fake ones and displays malicious ads.

  • WannaHydra

    Trojan spyware that steals banking credentials.

How are mobile devices being attacked?

Attack vectors can be classified into three major categories:

  • App-based threats

    Unapproved apps: 60% of all organizations do not vet the app installation source.

  • Device-based threats

    Outdated OS: 57% of Android devices are running an OS version less than two years old. 67% of iOS devices are running a version less than six months old.

  • Network-based threats

    Unauthorized Wi-Fi: 81% of employees admit to accessing corporate data using public Wi-Fi.

Ten tips on how effective MDM can be in nullifying mobile threats

In addition to the threats above, many other things can compromise mobile security, such as poor passcodes or unauthorized access to Exchange. Let's see how Mobile Device Manager Plus, our MDM solution, can bolster mobile security:

  • Enforce strong passcodes Ensure devices have non-guessable passcodes that adhere to your organization's compliance standards.
  • Control OS updates Ensure devices are always running the most secure OS version by either immediately deploying the securest version, or delaying devices from being updated to a version with known security issues.
  • Secure network access Prevent access to unsecured Wi-Fi networks and also ensure corporate data is only accessed using VPN (apply to the entire device or specific apps). You can also ensure all network communications are routed through your organization's proxy, and Blocklist unauthorized URLs.
  • Manage access to mailboxes Ensure only devices enrolled with Mobile Device Manager Plus can access Exchange mailboxes, which are bound to contain corporate data.
  • Secure lost devices Identify misplaced devices by remotely obtaining the device location or raising an audible alarm. Marking a device as lost will lock it, preventing any kind of unauthorized device usage. In the case of macOS machines, you can configure a firmware password to prevent devices from starting up from any internal or external storage device other than the startup disk you've selected.
  • Control apps Ensure only enterprise approved apps are installed on devices by creating your own enterprise app catalog and blocklisting non-approved apps. Limit users’ access to only select allowlisted apps by allowlisting them using Kiosk Mode, which also restricts users from modifying preconfigured device settings.
  • Enable geofencing In addition to identifying device location, you can also restrict devices to a particular geographical range (say, your organization's premises) to ensure corporate data stays put.
  • Encrypt corporate data Ensure there is no unauthorized access to your corporate data by encrypting it using the encryption options available on the device. For macOS machines, you can configure FileVault to encrypt the entire machine on the fly without affecting productivity.
  • Containerize corporate data In the case of personal devices, you can ensure only corporate data is managed, while having zero control over employees’ personal files, through containerization.
  • Restrict device
    functionality     To boost security even further, you can restrict basic device functionalities such as screen sharing or saving data in third-party cloud services. These security controls ensure corporate data can’t leave the device.

Free Trial!