Mobile device management: the spy in your pocket
Smartphones have become an indispensable part of our everyday lives. They are also highly developed devices that lend themselves perfectly to spying on the user and those around them. The scandal surrounding the Pegasus software from the Israeli NSO Group has shown how dire the situation is. IT experts found traces of the espionage software on several dozen cell phones belonging to journalists, human rights activists and their family members. Fortunately, there are security measures that are effective against mobile threats. There are also business messenger services that are more secure than WhatsApp & Co. and still achieve a high level of user acceptance.
The number of smartphone users has been increasing for years. While 36 percent of the German population aged 14 and over used a smartphone in 2012, this proportion increased to around 89 percent in 2020, according to calculations by the market research company Deloitte. 94 percent of owners use it every day. On the corporate side, the smartphone has become an important lever for accelerating corporate processes and an indispensable work tool. Even outside of working hours, 59 percent of smartphone owners use it for professional tasks.
But the possibility of mobile access to the company network makes the smartphone an interesting target, especially since smartphones are highly developed spy devices: always available and intelligent. Using a microphone and camera, they potentially deliver images and sound to anyone outside the company and access sensitive data in the network via the company's Wi-Fi. Although this is well known in management, the topic of mobile security is still neglected and appropriate protective measures are taken only hesitantly.
This makes it easy for criminal attackers to exploit weaknesses in the software using phishing emails or man-in-the-middle attacks. This is what happened, for example, with the Pegasus Trojan, which targeted smartphones with iOS and Android operating systems for the past two years. After installation, the malware was able to read messages and e-mails, track calls, pick up passwords, make sound recordings and determine the whereabouts of the user, among other things.
Such an attack on a business smartphone damages the company's image and, even more seriously, usually causes high economic losses and even bankruptcy. With regard to the General Data Protection Regulation (GDPR) in particular, companies are liable to prosecution if they do not close these gateways. A violation is punished with up to four percent of the total annual turnover; managing directors are liable with their private assets.
The pressure from the GDPR is increasing. Nevertheless, there are managers, especially on the executive floor, who have installed well over 400 apps on their smartphones and thus open the door to malware. This is all the more serious because the devices of CEOs and other executives are extremely interesting targets for attackers, as they usually contain sensitive data. In this way, the requirements for data security and the protection of confidential data are practically undone at the highest company level.
To ensure the security and operation of mobile devices, larger companies now often rely on Mobile Device Management (MDM), which organizes the management of the devices and protects the stored business-critical information from unauthorized access. Container technologies for data protection are becoming established for small and medium-sized companies. Corresponding applications help to protect business information on smartphones from unauthorized access in an encrypted container. Professional e-mails, contacts, calendars, documents and photos are strictly separated from existing private data and applications.
The separation of business and private applications and data using encrypted container technologies is a first step in preventing unauthorized persons from accessing sensitive information. But what about messenger services such as WhatsApp, which are used as a means of communication both privately and professionally? It is not enough to issue a ban, because this favors the emergence of an uncontrolled shadow IT, which harbors high risks for the company network and data.
Companies that use messenger services such as WhatsApp for professional communication risk violating the requirements of the GDPR: the right to information and the right to delete data are not met, among other things. Especially with non-European messenger services, it is often not known exactly where the data is located. Data deletion is not possible, although the GDPR provides for it if a business smartphone is lost.
Companies protect their mobile knowledge transfer with secure enterprise messaging solutions. As a business variant of consumer-oriented services, they usually offer more suitable business functions. Enterprise messaging apps usually encrypt the data exchange via HTTPS in order to protect the connection between the app and the servers.
Temporary keys are used so that a possible attacker cannot decrypt the exchange afterwards. If the service provider only has anonymized user data, the requirements of the GDPR are observed. Private messaging for confidential communication in small groups is usually just as possible as large group chats with several hundred members. Chats and chat histories from previous communications can be searched for and displayed, and colleagues can be added to ongoing chats.
A secure messaging solution only makes sense if it is implemented and used company-wide. In order to achieve a high level of user acceptance, it is important when selecting a suitable solution to ensure that it is easy to use. It is helpful if the look and feel of the service is based on familiar applications such as WhatsApp.
Employees then do not have to invest a lot of time to understand the app. Otherwise, the new messenger service and its extensive features can be presented and explained in employee training courses. Companies that also allow highly accepted services such as WhatsApp for private communication increase the acceptance of the alternative as well. In this way, the smartphone in your pocket becomes a safe companion in everyday business, a protected control center that can be used to handle and control a wide variety of tasks, projects and processes across the company. (rw)