When you think about mobile security and bring-your-own-device (BYOD) policies, do you ever think about all the places your enterprise data is going? This time of year, many of us reward ourselves for all of our hard work with a well-deserved vacation. It’s time to get away from it all and relax! But in this mobile world we live in, “getting away from it all” has taken on new meaning. Now it is probably more accurate to say “getting away and taking it all with me.”

That might sound strange, but with the prevalence of smartphones and other mobile devices — not to mention the way BYOD is integrated into our personal and professional lives — we truly take it all with us to the beach and everywhere else.

The Need for Mobile Security

I just returned from my vacation, and each day, my family and I would pack a bag that we would carry back and forth between our condo, the pool and the beach. We packed everything you would expect: towels, sunscreen, swim goggles, speakers and a smartphone for each family member. Like any good security-minded professional, I warned my family not to leave the bag unattended. In other words, protect the devices!

In 2014, “The State of Mobile Security Maturity” study found the top mobile security concern among those interviewed was the potential for data leakage as a result of lost, stolen or compromised devices. Companies made it clear that their focus is on protecting the device — and with good reason. Smartphones literally go everywhere with us. Their portability makes them prime candidates for being lost or stolen.

In the past, I took my laptop on vacation with me, but corporate data was left behind. It stayed in the condo, locked inside where it was nice and secure. But with mobility and BYOD, however, all that data truly goes on vacation with me now. It went to the pool and the beach, ventured out to eat, played a few rounds of golf and visited all the local attractions. It was in my pocket, on the table, in my bag, in the golf cart, in the boat and in a number of locations where it could have been lost or stolen.

This is the new world for corporate data. Thanks to BYOD, it goes everywhere.

As Mobile Grows, So Do Security Threats

Cybercriminals and thieves are an industrious and opportunistic bunch. They recognize the growth in mobile and the opportunity it creates for them. As a matter of fact, the recent white paper titled “Mobile: The New Hackers’ Playground,” digs into this topic. With BYOD, attackers have literally been given millions of new entrance points to the enterprise. Their challenge is in determining which ones to exploit. Who do they target and how?

They frequently execute attacks by looking for a weak link through phishing and spear phishing activities, often succeeding and then laying in wait for the right opportunity to exploit their victim. This video offers a quick explanation of how this concept works in the real world.

While BYOD brings device protection to the forefront, there are other threats that need to be addressed, as well. A comprehensive mobile security strategy doesn’t stop at securing physical devices, after all — it also addresses securing content and collaboration, safeguarding applications and data and managing user access.

As you ponder where you are taking your corporate data, or maybe where others are taking it, think about what you are doing to make sure it stays safe.

more from Endpoint

IOCs vs. IOAs — How to Effectively Leverage Indicators

Cybersecurity teams are consistently tasked to identify cybersecurity attacks, adversarial behavior, advanced persistent threats and the dreaded zero-day vulnerability. Through this endeavor, there is a common struggle for cybersecurity practitioners and operational teams to appropriately leverage indicators of compromise (IOCs) and indicators of attack (IOAs) for an effective monitoring, detection and response strategy. Inexperienced security […]

TrickBot Gang Uses Template-Based Metaprogramming in Bazar Malware

Malware authors use various techniques to obfuscate their code and protect against reverse engineering. Techniques such as control flow obfuscation using Obfuscator-LLVM and encryption are often observed in malware samples. This post describes a specific technique that involves what is known as metaprogramming, or more specifically template-based metaprogramming, with a particular focus on its implementation […]