As a result of the pandemic, IT administrators around the world have faced a number of new challenges. The rapid shift to remote working has brought with it entirely new security risks and threats that were previously unthought of. Many mobile devices are now returning to the office. Companies should have a good strategy for this. 5 Mobile Device Management Best Practices from Beyond Identity.
Now it's time to review mobile device management practices. While many companies are bringing their employees back to the office, a significant number of them will continue to work entirely from home or in a "hybrid" format. So the new risks will not disappear completely.
Back from the home office also harbors dangers
Users now log in from their personal mobile devices to access corporate data, and control over what and who logs in is often lacking. So what should one do to adjust to this new reality? Businesses should focus on the following five best practices for managing mobile devices.
1. Provide the user with a seamless and convenient solution
Mobile users don't interact with their devices in the same way as desktop or laptop users: they expect a seamless and convenient sign-in experience. Complicated login procedures often result in users attempting to circumvent them. Also, it can create a potential support issue for your helpdesk staff. Introducing passwordless authentication is one of the easiest ways to create a frictionless experience for users.
The best security solutions reinforce your security posture and dramatically simplify the login process. When choosing a mobile device management (MDM) solution, you should make sure that each potential candidate has the above characteristics. Don't create additional hurdles for your users.
2. Create a BYOD policy
Bring-your-own-device (BYOD) practices have surged following the pandemic-related shutdown of businesses. Therefore, a solid BYOD policy is a must if you want to improve your mobile security.
- Decide what types of mobile devices are allowed: BYOD doesn't mean you allow any user device on the network. You still have control over who and what can log in. Personal mobile devices should be up to date with all security and software updates and should not be modified, e.g. B. by "rooting" or "jailbreaking". Modded devices are a haven for malware.
- Establish strict security policies: Some users may prefer to forego certain security features on their devices, such as B. to a lock screen or biometric identification. With the ideal MDM solution, you can enforce this basic step and protect sensitive data that the user accesses during their session. Your security policies should also mandate updating device operating systems before granting access, especially after critical security updates.
- Set boundaries: Ensure your employees understand the limitations of BYOD devices and what is acceptable when using their mobile devices to access corporate services. This includes what third-party data, applications, cloud services, and software they are allowed to use. It's also useful to set expectations for the support you will provide for network issues (if any).
- Integrate your BYOD and Acceptable Use Policies: Employees will use their mobile devices for things they wouldn't or shouldn't access in the workplace. However, as long as they are connected to the corporate network, you are in control. Make sure your policy clearly states what is and isn't allowed. If you leave a gray area, trouble is inevitable.
- Establish an exit strategy: What happens when an employee using their own device leaves the company? Ensure there is a procedure in place to revoke access upon termination or departure from the organization. The lack of such a strategy opens the door to attacks by disgruntled employees. The ideal MDM solution protects you by allowing you to do it with just a few clicks.
3. Enable risk-based access policies
Managing mobile devices in your organization that you don't have direct control over can be difficult. For this reason, it is advisable to use risk-based access policies. These grant and restrict permission not only based on the person logging in, but also based on the device they are logging in from and the security posture of that device.
Any time an employee or contractor attempts to log in, your authentication platform should check for potential security risks, such as:
- Is there anything unusual about logging in, perhaps from a completely new location?
- Is the account accessing information it doesn't normally use?
- Is the mobile device up to date?
A risk-based access policy takes these factors and more into account before authorization. Don't be afraid to refuse approval if an application doesn't meet your standards. Better safe than sorry: Sensitive company data resides on your servers and a single intrusion is enough to reveal it. Don't take that risk.
4. Never trust, always check!
Patrick McBride, Chief Marketing Officer Beyond Identity “5 Best Practices for Managing Mobile Devices” (Image: Beyond Identity).
Security threats are no longer just external. While BYOD brings with it a number of challenges, there is a possibility that malicious actors could also launch an attack from corporate devices. Implementing Zero Trust security can protect against this.
At the heart of Zero Trust is the concept of “never trust, always verify”. This goes hand-in-hand with the concept of risk-based access policies. Regardless of who is logging in, you should constantly verify that the person is who they say they are and that the device meets your strict security guidelines. Access to sensitive information should be limited to what is necessary for the task at hand.
As pointed out several times, user-owned mobile devices pose a particular challenge. Zero Trust limits the number of ways an attacker can break in, and when they do, it limits their ability to move and cause real damage. With a traditional, perimeter-based approach, the attacker would have access to all the data the account has permission to see with little or no disruption.
5. Implement strong passwordless authentication
The first reaction to securing mobile devices is to require end users to choose strong passwords or employ strategies such as multi-factor authentication. However, this is no more than an emergency solution. It unnecessarily complicates the login process and still relies on the inherently insecure password.
So, say goodbye to the idea of the password, not just when managing your mobile devices, but for all the devices your organization's employees use, mobile or not. Passwordless authentication is not only for user convenience, but also makes the whole system more secure.
By implementing passwordless authentication, you strengthen your multi-factor authentication by replacing an insecure factor (like passwords) with a better, more secure factor (biometrics). This eliminates the most common entry point for attackers and prevents password-based attacks such as rainbow table attacks, brute force attacks, and credential stuffing.
More at BeyondIdentity.com
About Beyond Identity
Beyond Identity provides the secure authentication platform, breaking down the barriers between cybersecurity, identity and device management, and fundamentally changing the way users log in - without passwords and with a frictionless, multi-step login process. Beyond password-free, the company offers zero-trust access for securing hybrid work environments where tight control over which users and which devices access critical cloud resources is essential. The advanced platform collects dozens of risk signals from users and devices with each login, enabling customers to enforce continuous, risk-based access control. The innovative architecture replaces passwords with the proven asymmetric cryptography that powers TLS and protects trillions of dollars of transactions every day. Customers like Snowflake, Unqork, Roblox, and IAG turn to Beyond Identity to stop cyberattacks, protect their most important data, and meet compliance needs.