Mobile Security
One of the most challenging areas to implement robust security is with mobile devices and applications.
Even the most security-conscious organisation may have a challenging time managing a diverse collection of mobile devices such as Androids, iPhones and tablets. Each device comes with a different operating system, updates, patches, encryption, applications and security software.
Many commercial enterprises use tablets without appropriate android or iOS security apps for ordering, billing, internal communications and loyalty programs and transmit critical data wirelessly and often via custom applications or software.
As globalisation continues, the standard working day changes and mobile devices are used 24/7, both in the office and in diverse geographic locations, reinforcing the importance of the need for mobile security apps.
Malware and exploits aimed specifically at mobile devices and applications are common, with goals including interception of data, ransom attacks, destructive viruses or social-engineering attacks such as phishing. Mobile devices are often exposed to nearly every attack a desktop system may encounter, plus some specifically targeted to mobile devices – and yet the mobile security measures are often considered secondary to functionality. Mobile devices bring considerable communication advances, but come with an entire range of new issues, even with antivirus apps installed.
Employees generally retain company devices beyond the office, and use them outside of business requirements. They may be frequently connected to free Wi-Fi services, used for personal banking or online purchases. They may also be used by family members to communicate, play games, download applications and transfer data at the risk of compromising mobile security. The popularity of “Bring Your Own Device” (BYOD) is also increasing, meaning that significantly less control over the content and usage of mobile devices is in the hands of the organisation.
Many of these devices are then connected to the internal network, and present a genuine risk to an organisation’s security posture.
Requirements for compliance and governance of mobile devices and applications, especially android security, can also be complex and confusing, and in many cases no defined standard is in place.
Even organisations that consciously implement a Mobile Device Management (MDM) solution may not have full visibility of what is protected and how. Antivirus apps and other potentially dangerous android security apps can be downloaded at an employee’s discretion which could compromise an entire organisation’s mobility security framework.
Testing the mobile security of devices is essential to uncover vulnerabilities and exposures, and lead the way to determining best-practice, configuration recommendations and lists of safe and unsafe apps.
Industry Leaders
Sense of Security employs specialist consultants with considerable expertise in mobile device and application security, and knowledge of current governance requirements. Consultants can assess compliance to specified standards (PCI DSS for example).
If required, they can actively conduct mobility tests on your devices, systems and applications to attempt to compromise the device or even gain access to your internal network.
Where custom application or software solutions are in place, SOS can assess the source code or otherwise test the application for vulnerabilities, utilising established internal methodologies and respected industry standards such as OWASP (Open Web Application Security Project).
A Sense of Security mobility test can be performed to an agreed scope to test your company’s mobile security position and provide recommendations for how to better secure the broad range of mobile devices and security apps in use.
To discuss how our specialist security services can help your organisation with mobility security matters please contact us on 1300 922 923 or complete the enquiry form by pressing the button below.