The launch of the smartphone has changed our behavior both in the workplace and outside of it to such an extent that we’re almost unrecognizable from ourselves at the beginning of the 21st century. Although we used to spend more time talking and interacting face-to-face, we were also wasting more time getting to places for meetings, not to mention transferring data or finding out crucial information. Just to give you a glimpse of this transformation, marketing data estimates we now spend an average of three hours and a half on mobile devices per day.

At the same time, whether to allow work from home, while traveling or to enable 24/7 monitoring of sensitive services and equipment, organizations have turned to smartphones to increase productivity.

A Cisco report from 2014 found that 9 out of 10 businesses were enabling their employees to use their own devices for work purposes, which resulted in an average of 37 minutes saved per week by working on the go and making use of dead-times.

Some people even run their businesses for short periods of time using nothing but their smartphone.

The threat of mobile endpoint hacks

The immediate and obvious downside of enabling people to work from their own laptops, tablets, and smartphones is the fact that a great deal of sensitive company data will go mobile. Your information will spread across a variety of networks and devices that, most often than not, are not as secure as the ones directly managed by your firm.

The risks are more extensive and immediate than you think and they come in three types: network-based, device-based, and app-based.

Let’s go through each of these to understand the kind of exposure you’re dealing with, as well as illustrate possible solutions for each area.

Application liability

Application-based risks are quite prevalent because apps are the predominant way that sensitive data will be accessed on Android and iOS devices. Some of the most known and common application threats include intrinsic software vulnerabilities in what concerns data storage and transfer, as well as malware and Trojans that can extract any information from a device without to user permissions. Following these, many applications display unsafe behaviors that can expose your organization to potential legal penalties by means of compliance breach.

In addition, with bringing your own device (BYOD) policies, there’s always the contingency that applications might be downloaded and installed from sources other than official stores.

In order to minimize these types of application liability, you’ll need to own software that is capable of performing constant app analysis on the devices that are not wholly owned by the company, but that have access to sensitive proprietary information. From knowing the entire list of applications that run on these gadgets, to the percentage of devices using them, and even down to the precise version and possible violation of each app, this is invaluable information that will help minimize and prevent security breaches.

Device exposure

Built-in software vulnerabilities and the compromising of devices by means of changing their developer stock firmware with a modified one, also called custom ROM are just two of the most frequent device-based risks you might encounter. Installing a custom ROM is more prevalent among Android device owners, as the technology’s open-source model allows its source code to be modified by the public in the manner of open collaboration. The corresponding method for iOS is jailbreaking, and it is arguably much harder to perform. In both of these processes, however, the user has to bypass the stock firmware in order to gain privileged control of the device, much like superuser permissions on Unix operating systems.

These advanced roots or jailbreaking techniques can present anything from a medium to a high-risk potential for the privacy of your company’s data, but they are not the sole way that employee devices can become exposed. Behavioral anomalies, out-of-date software, as well as improper configuration,  are just as likely to pose threats to endpoint mobile security. In a similar fashion to combating application exposure, dealing with device-based risks means creating and monitoring the fingerprint of each extrinsic machine.

Network-based risks

Finally, network threats might actually be more predominant than other types of exposure. The most widespread network risk is that of a Man-in-the-Middle attack, which commonly occurs when a malicious third party tries to introduce themselves between a smartphone and their connection to the web. Perpetrators will often try to impersonate, duplicate, or corrupt Wi-Fi hotspots in order to intercept network traffic and gain access to sensitive information.

Other typical MitM techniques are SSLStrip attacks and TLS protocol downgrades. If the first aims to do away with the encryption offered by secure, HTTPS websites, the second attempts to force the device into using a lower quality of communications protocol, i.e. one that is not encrypted. For this reason, it is vital that you find a way to monitor network connections as much as possible, while also educating your employees into current and new issues emerging with mobile endpoint security.

Effective endpoint security management with VPN

If you want all of your off-site devices to comply with security policies before they have access to sensitive information, the COPE (corporate-owned, personally-enabled) business model is the most appropriate and secure way to provide endpoint security to mobile connections. However, this is not as cost-effective or as sustainable as BYOD, not to mention that small to medium enterprises won’t be able to cover the initial expenses associated with such an investment.

Furthermore, you will have to guarantee secure admission to your internal network by setting up an independent, a remote-access VPN.

Although you will still need a way to monitor application liability and device exposure, there’s a simple and incredibly affordable solution to fend-off network-based risks in the form of a VPN service. These companies have done all the legwork for you, from the required investments to hardware setups, software programming, network configurations, and even specialized staff to maintain the architecture itself. There are quite a few VPN services out there, but not all of them are as secure as they claim. As such, you should consider only the best VPN providers, one of which is NordVPN, for effective endpoint security management.

In judging between different options, security is your top priority, of course, but cross-platform compatibility, good connection speeds, excellent customer support, as well as affordable pricing must also be factors that weigh in your choice of VPN. NordVPN scores high across the board, which is why we believe it is a perfect fit for mobile endpoint security.

Recommended reads:

NordVPN review