When you think about mobile security and bring-your-own-device (BYOD) policies, do you ever think about all the places your enterprise data is going? This time of year, many of us reward ourselves for all of our hard work with a well-deserved vacation. It’s time to get away from it all and relax! But in this mobile world we live in, “getting away from it all” has taken on new meaning. Now it is probably more accurate to say “getting away and taking it all with me.”

That might sound strange, but with the prevalence of smartphones and other mobile devices — not to mention the way BYOD is integrated into our personal and professional lives — we truly take it all with us to the beach and everywhere else.

The Need for Mobile Security

I just returned from my vacation, and each day, my family and I would pack a bag that we would carry back and forth between our condo, the pool and the beach. We packed everything you would expect: towels, sunscreen, swim goggles, speakers and a smartphone for each family member. Like any good security-minded professional, I warned my family not to leave the bag unattended. In other words, protect the devices!

In 2014, “The State of Mobile Security Maturity” study found the top mobile security concern among those interviewed was the potential for data leakage as a result of lost, stolen or compromised devices. Companies made it clear that their focus is on protecting the device — and with good reason. Smartphones literally go everywhere with us. Their portability makes them prime candidates for being lost or stolen.

In the past, I took my laptop on vacation with me, but corporate data was left behind. It stayed in the condo, locked inside where it was nice and secure. But with mobility and BYOD, however, all that data truly goes on vacation with me now. It went to the pool and the beach, ventured out to eat, played a few rounds of golf and visited all the local attractions. It was in my pocket, on the table, in my bag, in the golf cart, in the boat and in a number of locations where it could have been lost or stolen.

This is the new world for corporate data. Thanks to BYOD, it goes everywhere.

As Mobile Grows, So Do Security Threats

Cybercriminals and thieves are an industrious and opportunistic bunch. They recognize the growth in mobile and the opportunity it creates for them. As a matter of fact, the recent white paper titled “Mobile: The New Hackers’ Playground,” digs into this topic. With BYOD, attackers have literally been given millions of new entrance points to the enterprise. Their challenge is in determining which ones to exploit. Who do they target and how?

They frequently execute attacks by looking for a weak link through phishing and spear phishing activities, often succeeding and then laying in wait for the right opportunity to exploit their victim. This video offers a quick explanation of how this concept works in the real world.

While BYOD brings device protection to the forefront, there are other threats that need to be addressed, as well. A comprehensive mobile security strategy doesn’t stop at securing physical devices, after all — it also addresses securing content and collaboration, safeguarding applications and data and managing user access.

As you ponder where you are taking your corporate data, or maybe where others are taking it, think about what you are doing to make sure it stays safe.

More from Endpoint

Self-Checkout This Discord C2

This post was made possible through the contributions of James Kainth, Joseph Lozowski, and Philip Pedersen. In November 2022, during an incident investigation involving a self-checkout point-of-sale (POS) system in Europe, IBM Security X-Force identified a novel technique employed by an attacker to introduce a command and control (C2) channel built upon Discord channel messages. Discord is a chat, voice, and video service enabling users to join and create communities associated with their interests. While Discord and its related software…

3 Reasons to Make EDR Part of Your Incident Response Plan

As threat actors grow in number, the frequency of attacks witnessed globally will continue to rise exponentially. The numerous cases headlining the news today demonstrate that no organization is immune from the risks of a breach. What is an Incident Response Plan? Incident response (IR) refers to an organization’s approach, processes and technologies to detect and respond to cyber breaches. An IR plan specifies how cyberattacks should be identified, contained and remediated. It enables organizations to act quickly and effectively…

Deploying Security Automation to Your Endpoints

Globally, data is growing at an exponential rate. Due to factors like information explosion and the rising interconnectivity of endpoints, data growth will only become a more pressing issue. This enormous influx of data will invariably affect security teams. Faced with an enormous amount of data to sift through, analysts are feeling the crunch. Subsequently, alert fatigue is already a problem for analysts overwhelmed with security tasks. With the continued shortage of qualified staff, organizations are looking for automation to…

Threat Management and Unified Endpoint Management

The worst of the pandemic may be behind us, but we continue to be impacted by it. School-aged kids are trying to catch up academically and socially after two years of disruption. Air travel is a mess. And all businesses have seen a spike in cyberattacks. Cyber threats increased by 81% while COVID-19 was at its peak, with 79% of all organizations experiencing a loss of business operations during that time. The risk of cyberattacks increased so much that the…