225,000! A single piece of malware enabled 225,000 iPhones to be hacked, according to a report from Palo Alto Networks released last week. And so the iOS platform, long perceived as more secure than its competitors, falls victim to the forces of evil. However, in defense of Apple, and iOS (full disclosure: I carry an iPhone and iPad – I’m a remote, mobile employee after all), there are 225,000 accomplices to evil-doing out there: the users who decided it was a good idea to jailbreak their iPhone. Considering the number of corporate users who carry these, and alternative smartphones, your exposure could be significant.
One of the great challenges with BYOD is that companies cannot, and really, should not, control everything on a user’s personal device. However, your company absolutely has the right to protect itself from risk, even those unknowingly brought into the business. The challenge is – how do you prevent users from jailbreaking their devices? Malware brought into your corporate environment via a personally owned device is no different from any other in the damage it can cause but significantly different in terms of how you must protect against it. Here are a few tips from the defensive playbook:
- Education: Users do a lot with their smartphones but most only do stuff to the level they understand. Remember the early days of PCs and all the email attachment viruses people would open? Today, those seem so obvious, but we must remember that smartphones are still newer, and sometimes users venture into dangerous waters. Teaching users about jailbreaking – why some do it, the risks it opens up, the personal data/liability that could follow, will ultimately create a more knowledgeable user base within your company, and a more knowledgeable user base will reduce the threat. Making this part of new-hire and annual employee training requirements is one way to implement this. Turn unwitting hacker accomplices into a well-informed user community.
- Tiered access: There should be a difference in the level of corporate control over BYOD users compared to COPE users. Since COPE devices are, by definition, owned by the business, it is a lot easier to justify complete device management. By contrast, you want to take a more hands-off approach to BYOD users, while still protecting your corporate information. Consider how your BYOD and COPE users actually access information. Is email and web-browsing all that each is looking for? Do they need access to corporate systems to get their jobs done? Consider Secure Gateway-based access with LetMobile for the former and require full enterprise mobility management for the latter group. You can also incentivize users to switch to a COPE device plan and “step-up” their access to corporate systems. This could offer your business several security, as well as economic advantages.
- Jailbreak detection: There will always be a rule-breaker, whether by ignorance or malicious intent. The most secure way to defend your business from data leaks via jailbroken devices is to use LANDESK Mobility Manager for enterprise mobility management. Mobility Manager includes jailbreak detection, monitoring and notifying you of any devices that could be a threat to your network and confidential data. This empowers you to act as the IT Hero: stepping in to protect your users and your data from danger.
It’s been long expected that the iOS operating system would eventually be exposed to hacks. While that threat is now a reality, you can defend your company and your users. Get your superhero cape on: the forces of evil are surely plotting their next attack. Let LANDESK be your trusty sidekick as you create a more secure mobile world!