Best Practices for Mobile Security in BYOD

Two industry groups that support mobile messaging and online security released a list of best practices for consumers, companies and government entities. The report addresses strategies for defending against Internet protocol or domain name system (DNS) exploits, phishing scams and malware. It also addresses mobile threats, which have come to light because of the trend toward bring your own device (BYOD) practices.

The London Action Plan and M3AAWG

The London Action Plan (LAP) is an international spam enforcement network. LAP and the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) released the best practices jointly.

The guidelines for mobile device use emphasize the ever-present need for strong security solutions to protect yourself and your company against spam, mobile malware and fraud (which occurs through premium rate scams). The document also highlights ways to ensure the security of apps that you or your employees download, and it covers the constant threat posed by jailbreaking devices or otherwise modifying them.

The report also explores baseband threats. These are newly emergent malicious tactics in which attackers set up rogue networks that override legitimate signals from mobile network providers in order to gain access to the devices of legitimate users.

Mobile Malware and Phishing

Mobile malware and phishing attempts are still the top concerns for device users, according to Alex Bobotek, a co-chairman of M3AAWG, who is also the lead voice for mobile messaging strategy and architecture at AT&T Labs. He shares the most common ways that users fall victim to these ruses.

The two main threats are spam and malicious trojans, the latter of which are installed by tricking the user, Bobotek recently told SC Magazine. The best way to avoid malware on mobile devices is for users to leave their devices non-jailbroken, and to avoid downloading apps unless they know the site is reputable.

Service Providers Need to Collaborate

The best practices for avoiding spam include steps that service providers can take to thwart phishing attempts. These steps depend on collaboration between mobile carriers, in which each carrier notes the spam that is entering or exiting its network.

If operators do not share data, spammers can operate freely within any country, as long as they send their spam only to subscribers of outside networks.

The bring-your-own-device (BYOD) movement will only gain more momentum, as the manufacturers of mobile devices continue delivering more powerful devices, and as the owners continue bringing their own tablets and smartphones to work. Employees see this as good news, but it poses enormous security problems for employers, according to Silicon Angle.

The Growing Task for IT Administrators

IT administrators have their hands full, juggling infrastructure support and security solutions in order to enable the company BYOD movement. Many third-party solutions purport to close the gap between IT and BYOD and to smooth the abrupt transition to today’s mobile era.

Personal Devices in the Employer Environment

Some offerings will allow employees to use any of their personal devices for work purposes. They may offer secure app stores, file sharing abilities between employees and remote support for employee collaboration. They also offer desktop and Windows app virtualization and mobility management, allowing IT techs to remotely wipe potentially dangerous data from lost or stolen devices. They may have a unified management framework that will let the IT department secure and control devices and optimize users’ access to desktops, services and apps on any of their devices.

Employers can require workers who will be allowed to access corporate resources to agree to being monitored. Employees' personal data can be separated from corporate data by using customizable privacy policies, which can be based on the type of device a user owns. With this type of separation, a company can perform a remote wipe on a device owned by an employee without affecting personal data on the device.