When you think about mobile security and bring-your-own-device (BYOD) policies, do you ever think about all the places your enterprise data is going? This time of year, many of us reward ourselves for all of our hard work with a well-deserved vacation. It’s time to get away from it all and relax! But in this mobile world we live in, “getting away from it all” has taken on new meaning. Now it is probably more accurate to say “getting away and taking it all with me.”

That might sound strange, but with the prevalence of smartphones and other mobile devices — not to mention the way BYOD is integrated into our personal and professional lives — we truly take it all with us to the beach and everywhere else.

The Need for Mobile Security

I just returned from my vacation, and each day, my family and I would pack a bag that we would carry back and forth between our condo, the pool and the beach. We packed everything you would expect: towels, sunscreen, swim goggles, speakers and a smartphone for each family member. Like any good security-minded professional, I warned my family not to leave the bag unattended. In other words, protect the devices!

In 2014, “The State of Mobile Security Maturity” study found the top mobile security concern among those interviewed was the potential for data leakage as a result of lost, stolen or compromised devices. Companies made it clear that their focus is on protecting the device — and with good reason. Smartphones literally go everywhere with us. Their portability makes them prime candidates for being lost or stolen.

In the past, I took my laptop on vacation with me, but corporate data was left behind. It stayed in the condo, locked inside where it was nice and secure. But with mobility and BYOD, however, all that data truly goes on vacation with me now. It went to the pool and the beach, ventured out to eat, played a few rounds of golf and visited all the local attractions. It was in my pocket, on the table, in my bag, in the golf cart, in the boat and in a number of locations where it could have been lost or stolen.

This is the new world for corporate data. Thanks to BYOD, it goes everywhere.

As Mobile Grows, So Do Security Threats

Cybercriminals and thieves are an industrious and opportunistic bunch. They recognize the growth in mobile and the opportunity it creates for them. As a matter of fact, the recent white paper titled “Mobile: The New Hackers’ Playground,” digs into this topic. With BYOD, attackers have literally been given millions of new entrance points to the enterprise. Their challenge is in determining which ones to exploit. Who do they target and how?

They frequently execute attacks by looking for a weak link through phishing and spear phishing activities, often succeeding and then laying in wait for the right opportunity to exploit their victim. This video offers a quick explanation of how this concept works in the real world.

While BYOD brings device protection to the forefront, there are other threats that need to be addressed, as well. A comprehensive mobile security strategy doesn’t stop at securing physical devices, after all — it also addresses securing content and collaboration, safeguarding applications and data and managing user access.

As you ponder where you are taking your corporate data, or maybe where others are taking it, think about what you are doing to make sure it stays safe.

More from Endpoint

Combining EPP and EDR tools can boost your endpoint security

6 min read - Endpoint protection platform (EPP) and endpoint detection and response (EDR) tools are two security products commonly used to protect endpoint systems from threats. EPP is a comprehensive security solution that provides a range of features to detect and prevent threats to endpoint devices. At the same time, EDR is specifically designed to monitor, detect and respond to endpoint threats in real-time. EPP and EDR have some similarities, as they both aim to protect endpoints from threats, but they also have…

The needs of a modernized SOC for hybrid cloud

5 min read - Cybersecurity has made a lot of progress over the last ten years. Improved standards (e.g., MITRE), threat intelligence, processes and technology have significantly helped improve visibility, automate information gathering (SOAR) and many manual tasks. Additionally, new analytics (UEBA/SIEM) and endpoint (EDR) technologies can detect and often stop entire classes of threats. Now we are seeing the emergence of technologies such as attack surface management (ASM), which are starting to help organisations get more proactive and focus their efforts for maximum…

X-Force identifies vulnerability in IoT platform

4 min read - The last decade has seen an explosion of IoT devices across a multitude of industries. With that rise has come the need for centralized systems to perform data collection and device management, commonly called IoT Platforms. One such platform, ThingsBoard, was the recent subject of research by IBM Security X-Force. While there has been a lot of discussion around the security of IoT devices themselves, there is far less conversation around the security of the platforms these devices connect with.…

X-Force prevents zero day from going anywhere

8 min read - This blog was made possible through contributions from Fred Chidsey and Joseph Lozowski. The 2023 X-Force Threat Intelligence Index shows that vulnerability discovery has rapidly increased year-over-year and according to X-Force’s cumulative vulnerability and exploit database, only 3% of vulnerabilities are associated with a zero day. X-Force often observes zero-day exploitation on Internet-facing systems as a vector for initial access however, X-Force has also observed zero-day attacks leveraged by attackers to accomplish their goals and objectives after initial access was…