Verizon’s recently published 2018 Mobile Security Index demonstrates how difficult it is to balance convenience and user experience with security in the enterprise. In light of all of the well-publicized data breaches, the fact that almost a third (32%) of enterprises surveyed had not fully secured their mobile devices is an eye-opening statistic.
This is in spite of the fact that they have seen 2.4x as many problems as the 68% of companies that hadn’t loosened security. And that 64% of enterprises say that mobile security threats have increased, and expect them to increase in the future.
So if IT managers know the risks why are such a large percentage willing to take a chance with mobile security? It’s not the money—61% of the enterprises surveyed expect their mobile security budget will increase in the coming year, with only 2% expecting a decrease.
Rather, it’s seems that no one outside of IT takes it as seriously as they should. They don’t understand the risks, and think the risks they know about only happen to other people. Because of this, they resist efforts to make things more secure if it means they won’t be able to download the newest cool app, or use the Wi-Fi at the local café.
Educated users are the best foundation for a secure mobile environment.
The report looks at four areas and outlines ways to improve, moving from a baseline of minimum security standards in four areas:
- Applications: Making sure that applications are free of malicious code and vetted to prevent issues with business-critical data and systems;
- Devices: Making sure devices have strong passwords and implementing mobile device management (MDM);
- People: Train people to understand what the security measures are, and most importantly, why you’re implementing them. When people understand the why, they’re far more likely to comply.
- Networks: With ubiquitous Wi-Fi, people connect up to the network at their local restaurants and stores without realizing the potential hazards. Ensure people understand not to use unsecured networks, and look at alternatives like VPN and data loss prevention software.
When people understand the risks, they don’t mind taking a few extra seconds to input a password, or connect to a VPN. Educated users are the best foundation for a secure mobile environment.