Making sense of mobile security: requirements, considerations and strategies

Join Michael Covington, VP of Portfolio Strategy at Jamf, to learn about the threats that remote workers face and how to defend against them.

June 5 2024 by

Hannah Hamilton

Mobile phones lined up against a pink background showing security features, including Touch ID, Face ID and passcodes

As mentioned in the webinar, over the last decade, the number of remote workers has increased by 400%, with 70% of today’s employees not working by a desk. To adapt, 85% of workloads are now in the cloud so employees can work from outside their corporate office buildings.

This, combined with increasingly sophisticated threats, has changed the mobile threat landscape. Defending our mobile devices from these threats requires powerful tools and intentional security policies.

In this webinar, Michael Covington, VP of Portfolio Strategy at Jamf, explains strategies organization’s can use to defend their mobile device fleet, namely:

  • Security configuration
  • Attack prevention
  • Threat hunting

Watch the webinar for an in-depth discussion of these strategies, or read this blog for a quick recap.

Security configuration

The foundation of mobile security is the correct configuration of settings and policies. This could be alignment with CIS benchmarks or your own standards — either way, it’s necessary to make sure devices stay in compliance.

Vulnerability management

To start, Covington recommends mitigating or removing existing vulnerabilities. Keeping your devices and applications up to date is an important step in this process. But how do you know what devices or applications are vulnerable? Ideally, your security software should tell your mobile device management (MDM) software what devices need to be updated.

Establishing an app vetting process reduces the likelihood a problematic app hurts your security. Covington lists these considerations, among others:

  • How does the app handle secure data connections?
  • Is the app using up-to-date protocols?
  • What permissions does the app need to run?

Compliance audits

MDM and security software go hand-in-hand — it’s difficult, if not impossible, to secure a device that isn’t managed. When you integrate your MDM and security tools, they work together to detect when your device falls out of compliance and remediate the issue.

Data protection

The way data flows in a mobile device determines its security. Establishing data protection and acceptable use policies help control data. Data should only move between secured, authorized apps — modern data controls make this possible in a number of ways.

Attack prevention

Successful mobile attacks can have devastating impacts for a company. Detecting — and remediating — these threats is critical. This means your security software needs to be able to detect a variety of threat types, including malware, network eavesdropping and phishing.

Mobile devices are especially vulnerable to network infrastructure attacks, as on-the-go users often connect to public, unsecured Wi-Fi. Covington emphasizes that a device needs to be able to identify this type of attack and actively act upon it for the attack to be mitigated.

Since more communication happens on mobile devices, entry points for a phishing attack increased. By protecting network traffic across all applications on a device, you can defend your company data and the user’s credentials. You can implement this on both corporate-owned and bring-your-own devices by leveraging separate partitions for work and personal data. This way, you can still achieve security while respecting user privacy.

Threat hunting

The next layer of mobile security is threat hunting — proactively looking for threats by investigating anomalies. When developing a threat hunting strategy, Covington recommends thinking about the types of users you have and how they’re likely to be targeted.

Collecting rich telemetry data arms admins with the information they need to identify potential threats and analyze indicators of compromise. With this information, you can get an idea of how your organization is being targeted and act accordingly.

To learn more about developing a mobile security plan for your organization, watch the webinar.