One of the largest data security risks for most organizations continues to be mobile devices. Each employee may have 3 or 4 endpoint devices - smartphones, tablets, laptops - which are connecting to the corporate network or contain sensitive data. Many of these devices are personally-owned, and whether supported by an official BYOD policy or not, these devices are increasing the potential points of ingress for cyber criminals. Given the scope of the threat, one would expect that managing the endpoint would receive greater priority within IT security, but data indicates even basic precautions are still being overlooked.
According to a survey conducted by Champion Solutions Group, more than half of US companies (53%) still lack a formal BYOD policy. In the survey, “Real-World Mobile Device Security Practices,” 447 organizations where polled on how they are securing mobile devices in the workplace. The survey revealed that more than one-fourth of organizations lack a systematic security approach, so it’s not surprising that these organizations struggle to manage the endpoint.
In addition to the lack of a formal BYOD policy, the survey looked at other basic protections for mobile devices. According to the survey, only 21% of organizations use multifactor authentication (MFA), which is one of the ways that organizations can reduce the risk of compromised credentials, which has been a major source of data breaches this year. A further 30% of organizations do not require alphanumeric passwords, a far more basic precaution than MFA. Perhaps more surprising, 23% of organizations don’t lock out mobile access after repeated failed sign-ons, leaving organizations open to brute-force attacks.
There are many ways that organizations could add layers of protection to endpoint devices, but the survey reveals that organizations have yet to decide upon or implement even basic precautions, particularly when it comes to smartphones.
At Absolute, we talk a lot about a framework that is layered, focusing on a solid base of policies and processes supported with layered technologies. For the endpoint, which is so mobile, visibility is important. It’s vital that organizations know where all endpoints are (including BYOD devices) and that data is constantly protected, with alerts to any irregularities to hardware, software or user behaviour. With level of control over devices, you can react quickly to isolate an attack or freeze a device. To learn how Absolute DDS provides this level of endpoint security, visit Absolute.com