A mobile data breach can damage a business’s reputation and result in collateral damage that takes years to remedy. A quick search will show you some high-profile issues caused by a security breach. With jobs lost, businesses ruined and customer loyalty destroyed, it’s clear that prevention is the best remedy for a breach.
A mobile data breach in particular presents a unique challenge: the response plan becomes much more complicated due to the personal nature of a mobile device itself. With the adoption of BYOD and work emails being accessed on personal devices, a tangled web of data cross-pollination is being created that can present significant security risks.
Wandera research shows that companies spend twice as much remedying a security breach as on mobile security software. Additionally, 28 percent of companies reported a mobile data breach within the previous 12 months. And nearly half of those indicated that the breach had cost their companies up to $400,000.
There are three basic but crucial steps that organisations must take to ensure that they are sufficiently prepared to remedy a mobile data breach.
1. Assess the mobile data breach and notify those involved
This should be at the top of the to-do list when a mobile data breach occurs. The news will need to be immediately shared within your organization. Businesses have a habit of staying silent when data breaches occur. Usually the fear of discovery by competitors, government regulators or customers outweighs the importance of having a wider discussion throughout the organization.
When it comes to a mobile data breach, businesses need to realize that the situation is different. The dual personality of a mobile device serves an individual as well as the business. The faster the company notifies all those involved and shares intelligence on what was breached, the less of a ripple effect the breach will have.
Device users will need to change passwords – not just those used within the company, but any that were put at risk. They should take defensive steps if sensitive data such as contact lists, credit cards, business or personal images and location information was leaked.
2. Perform a forensics analysis to discover how the mobile data breach occurred
To clean up a mobile data breach, the business must understand how it occurred and what was put at risk. The only way to perform a post-breach forensics investigation is to start with visibility across the mobile fleet.
Companies should invest in a mobile threat defense solution that can provide data that can be used in an investigation. This data should reveal how the breach occurred and which users were impacted, and provide clues as to which data may have been compromised. By having complete visibility of the issue, businesses will be better equipped to minimize or prevent further damage.
3. Improve defences to prevent a future mobile data breach
The visibility that is obtained during a forensics investigation can pave the way for improved defences via policy controls. Many IT teams typically roll out an open mobility program to start. This is dangerous, as it can allow users to install their own apps and places no restrictions on the websites they can access.
Compliance violations will likely be discovered and productivity concerns raised. IT will need to take a step back and implement mobile policies to ensure compliant and secure usage. After a mobile data breach, companies should look closely at their mobile policies and ensure they are taking adequate steps to protect mobile data.
The time to act is now
Unfortunately, today it’s less of a case of ‘if’ there will be a mobile data breach. Instead, it’s more about ‘when’ a business will discover they have been hacked. A recent study found 60% of organizations have been breached as the result of an insecure mobile application over the past 12 months.
“Although the top-tier companies are doing a much better job of protecting themselves against mobile threats, most of the companies are falling behind. Hackers are finding mobile apps a great place to attack and these apps in the wild have binary code that’s vulnerable and unprotected.” – Mandeep Khera, chief marketing officer at Arxan
Businesses need to put strategic operations in place to ensure they can successfully move forward after a hack. This is a sad truth for organizations globally. Evidently, it’s better to be prepared than to sit on our hands waiting.