Boosting Mobile Defense: A Comprehensive Guide to Mobile Security

Your organization’s mobile security strategy is a vital part of your overall cybersecurity posture. Not only do mobile devices contain valuable personal data, but they also serve as a gateway to the information you store in the cloud. If you issue smartphones and tablets to your employees, a single high-profile vulnerability could compromise dozens of devices. If you embrace bring-your-own-device (BYOD) policies, you may not have any visibility into the applications your employees use. Mobile devices help facilitate remote and hybrid work, but they also provide tempting targets for threat actors.

To balance convenience and risk, you’ll need to develop a comprehensive mobile cybersecurity strategy. There are many ways to accomplish this, from staying abreast of common threats to tightening up your network access policies. With up-to-date devices, reputable apps, specialized security software, knowledgeable IT staff, and well-educated employees, you can safeguard your smartphones, your staff, and your sensitive data.

‍

Develop a mobile threat defense strategy

Mobile threat defense (MTD) is the backbone of a good mobile security policy. Rather than rely on a single program or policy, MTD takes a holistic approach to smartphone and tablet security. A number of different cybersecurity strategies comprise MTD:

• Threat detection and analysis: Using a database of known threats, MTD can analyze apps, text messages, login attempts, and similar data points to determine whether a user account is compromised.
• Threat mitigation: MTD gives your organization visibility into employee devices. IT administrators can warn employees about potential threats, or even send over-the-air security updates directly.
• Automated security policies: Selectively limiting remote access is part of a cohesive MTD strategy. You can use criteria such as IP addresses, time of day, or file access patterns to approve logins or restrict permissions.
• Breach response tools: In case a threat actor does gain access to your network, MTD solutions employ real-time detection tools that can lock attackers out automatically. IT managers can also handle the process manually, removing malicious apps or remotely wiping devices.
• Artificial intelligence (AI) and machine learning (ML) processes: Modern MTD strategies incorporate AI and ML algorithms to identify threats by analyzing patterns rather than simply cross-referencing databases.

Using these features, MTD technologies can help protect against phishing scams, malware, OS vulnerabilities, unsecured networks, and similar threats.

For more details on MTD capabilities, read Mobile Threat Defense: Safeguarding Your Data on the Go.

‍

Manage mobile vulnerabilities

According to the Computer Security Resource Center (CSRC), a vulnerability is a “weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.” Because mobile devices use so many different OSes, firmware versions, and third-party apps, it’s not possible to eliminate vulnerabilities entirely. Instead, you can mitigate these threats with a mobile vulnerability management process and a risk-based vulnerability management model.

The mobile vulnerability management process has four steps:

1. Assess risks: Make a list of all the hardware and software your organization uses, then research known vulnerabilities for each one.
2. Prioritize vulnerabilities: Determine which devices and programs are most important to your operations, as well as whether a threat actor could realistically exploit their vulnerabilities.
3. Remediate threats: Proactively address vulnerabilities through patches, access controls, or reconfiguration. If these solutions aren’t applicable, consider switching to a different piece of hardware or software.
4. Report results: Evaluate whether your systems are still vulnerable. If so, repeat the remediation step. If not, move on to the next-highest priority.

A risk-based vulnerability management model also has four steps:

1. Determine risk tolerance: Because mobile devices are so diverse and can access just about any corner of the internet, addressing every vulnerability is not realistic. Focus on likely threats rather than obscure ones.
2. Identify vulnerable apps and sites: Malware is not the only mobile security software risk. Overly broad permissions, unrestricted communication, and misconfigured settings can also put employees and data at risk.
3. Draft a policy: Your organization should know exactly how and why you’ve built your cybersecurity framework. Create a detailed policy and be ready to update it as new threats emerge.
4. Educate your staff: Once your policy is in place, share it with your staff. Give them the tools they need to recognize and counteract cyber threats.

Read Mastering the Mobile Vulnerability Management Process and How to Use a Risk-Based Vulnerability Model to Secure Mobile Devices for a deep dive into mobile vulnerability mitigation.

‍

Comply with government standards

Your organization may need to comply with United States government standards for legal reasons. Even if it doesn’t, however, the Cybersecurity Maturity Model Certification (CMMC) and National Institute of Standards and Technology (NIST) can provide valuable frameworks for mobile security. If you don’t have a formal strategy in place, consider using government guidelines as a foundation.

CMMC mobile security

The CMMC regulates sensitive digital data in the defense industry. There are three different levels of compliance, with Level 1 requiring only 15 specifications and Level 3 requiring more than 110. There are three requirements for mobile devices in particular:

• Control mobile device connections;
• encrypt controlled unclassified information (CUI) on mobile;
• and protect mobile code.

The CMMC Model Overview provides more detailed information.

NIST cybersecurity framework

Whereas the CMMC is specific to the defense industry, the NIST framework can apply to organizations in any field. There are five discrete steps to follow:

1. Identify: Make a list of all the hardware and software that your staff, your vendors, and your contractors use.
2. Protect: Install a security suite, keep your devices and programs patched, and encrypt your sensitive data.
3. Detect: Monitor who logs into your network. Use mobile threat intelligence to determine whether suspicious activity could indicate a compromised account.
4. Respond: Develop a plan in case you suffer a data breach. Know in advance how you will notify employees, communicate with stakeholders, and contain the damage.
5. Recover: After a breach, determine what went wrong and update your policies to prevent it from happening again.

To learn the specifics of each government policy, read CMMC Mobile Security: A Guide to Compliance for Enterprise Organizations and How to Apply the NIST Framework to Your Mobile Security Strategy.

‍

Implement mobile EDR

Mobile endpoint detection and response (EDR) can be a versatile part of your mobile security strategy. You can install mobile EDR software on employee devices, which will then alert you to outdated hardware, misconfigured software, malicious apps, social engineering attempts, and similar threats. By combining human oversight with AI algorithms, modern EDR systems can track novel threats as well as known ones.

A good mobile EDR solution should provide:

• Threat intelligence: Because researchers discover mobile vulnerabilities so frequently, a mobile EDR solution should receive automatic updates from a threat database. IT managers should not have to oversee this process manually.
• Detailed telemetry: Your IT and security teams should be able to view information about every smartphone and tablet in your organization from a unified, intuitive platform. The readout should include details about a device’s OS, installed apps, and general risk level.
• Customizable access policies: Mobile EDR solutions can assign risk levels to mobile hardware based on their patch level, IP address, current users, and similar criteria. You can restrict access for high-risk devices.
• Real-time alerts: If a mobile EDR system detects suspicious or unusual activity, it can notify the IT department. An administrator can then warn the user or lock them out of the network, as needed.

Check out Mobile Endpoint Security: Why Enhancing EDR for Mobile is Critical to Your Business for a comprehensive look at mobile EDR solutions.

‍

Secure smartphone and tablet apps

There are more than 5 million apps available from the Apple App Store and the Google Play Store — to say nothing of employees sideloading their own. Malicious apps provide an obvious vector for cyber attacks, but even legitimate apps can contain dire vulnerabilities. We’ve outlined seven steps for mobile app security, six of which we’ve already covered:

• Vet mobile apps
• Enforce access controls
• Encrypt sensitive data
• Train your employees
• Use mobile EDR
• Comply with industry regulations

The other important step is to monitor shadow IT at your organization. Shadow IT refers to employees using their own hardware and software for work, whether or not you’ve authorized them. While shadow IT isn’t inherently dangerous, it can represent a big unknown in your organization’s security posture. Consider a mobile security solution that grants visibility to both company-issued and personal devices.

To learn about each step in detail, check out The 7 Essential Steps for Ensuring Mobile App Security.

‍

Maximize your cybersecurity posture with mobile EDR

From threat analysis to real-time alerts, mobile EDR can be an integral part of your organization’s approach to mobile security. Read the Lookout e-book The Mobile EDR Playbook to learn more about how this technology can complement cybersecurity research, analysis, and education. The e-book poses four questions that can help you identify common threats, devise effective countermeasures, and ultimately protect your most important data.