IT security will remain one of the most discussed topics in 2020. After all, laptops, tablets and smartphones, which allow flexible working, have access to sensitive company data and are an attractive target for cybercriminals. All too often, however, they are not sufficiently protected or are subject to negligent handling – and thus pose a risk.
The security discussion will also increasingly turn to the question of how mobile working can remain user-friendly despite the many security precautions it requires.
We will explain how you can protect your end devices from attacks in 2020 and give you initial tips on how you can ensure high usability.
Security incidents in 2019
In 2019, attacks on IT systems not only grew in number but also became more professional. They are increasingly difficult for employees to recognize as attacks, which raises the risk for companies.
The year 2019 got off to a turbulent and worrying start: in January, a data set with more than 773 million e-mail addresses and over 21 million passwords was published on the darknet under the name “Collection #1”, opening the way to sensitive data.
This was followed by many other targeted attacks – including ransomware attacks, which were frequently initiated via phishing e-mails and sometimes shut down entire IT systems for several days, causing considerable economic damage.
These and other incidents clearly show that establishing IT security structures and policies should be a priority for every company in 2020 as well.
What threats await companies in 2020?
Companies should prepare themselves for the types of cyber attacks already known, but also monitor the market and be prepared for new risks. New approaches are constantly being developed to access sensitive company data. According to a study by the American market research company Forrester Research, cybercriminals will increasingly use artificial intelligence (AI) and machine learning (ML) in 2020. So-called “deepfakes” are one example. Image, video or audio files are manipulated in such a way that they simulate biometric characteristics such as the appearance or voice of employees in a deceptively realistic way. In this way, authentication methods could be tricked.
In addition, according to Forrester Research, the number of ransomware attacks in which criminals demand high extortion sums from companies could rise further in 2020. Here, software infiltrated by attackers causes applications, data or an entire device to be blocked or encrypted. Unlocking or decryption is then offered only in return for the payment of large sums of money.
What should companies do now?
The year 2020 will present companies of all sizes with enormous challenges. The following recommendations will help you to protect your business more effectively against cyber attacks:
- Define security policies
Companies should define clear guidelines for the handling of end devices and back them up with regular, mandatory training for all employees. For example, the guidelines should prescribe how employees should handle links received by e-mail, third-party WLAN networks or apps from the public App Store. In addition, security policies should require employees to update the software on their devices in a timely manner, because the purpose of these updates is to close security gaps that have been discovered. Outdated operating systems on devices can pose a huge risk to businesses.
In general, it is advisable to follow the “zero trust” principle when defining security policies and strategies. The concept involves not trusting any user, device or application service inside or outside your own network, and checking every interaction. This ensures that sensitive data does not fall into the wrong hands.
- Use Unified Endpoint Management Systems
A Unified Endpoint Management (UEM) system makes it possible to centrally manage all devices together with their content and applications, and to define and enforce individual security policies for them. In addition, if a device is stolen, sensitive content can be deleted from it via the system, and attacks can be detected at an early stage and met with countermeasures. After an attack, UEM systems can provide valuable information about the attackers’ actions, and these findings can then be used to improve security measures.
In addition to raising the security standard, a UEM system relieves the burden on the IT department and enables employees to work effectively and securely on the move. When selecting a suitable UEM system for their device fleet, companies should start from their individual needs, compare several solutions and preferably seek advice from an independent body.
- Use dedicated security solutions
In addition to a UEM system, dedicated security solutions can be used to secure mobile devices. They extend the protection of company data against diverse and complex cyber threats. As a rule, security solutions can be easily integrated into the UEM system used.
The market offers a wide range of solutions. There are comprehensive security solutions (such as Lookout or MobileIron Threat Defense) that aim to protect against different types of threats with a single product. There are also solutions that address specific security problems: for example, SpyCloud helps companies to protect the digital identities of their employees, and the SecurePIM container solution can be used to separate professional and private data on mobile devices, thus significantly increasing the protection of sensitive company data.
- Sensitize employees
Attentive employees are a central success factor in IT security. Employees must be sensitized to the topic and trained in it. They need to understand the risks involved in accidentally downloading a fake app, carelessly clicking on a malicious link or using public WLAN networks. They must also learn how to detect a cyber attack or a security vulnerability. Only then can the risk of an attack be significantly reduced.
Security vs. usability
Companies face a challenge: it is important to ensure not only a high level of security but also a high level of usability. However, security mechanisms such as multi-level login procedures or complex password policies limit the user experience and reduce user acceptance. The desire to work completely without a password is becoming more and more apparent. This “Zero Password” idea, in combination with the “Zero Trust” concept, can now be put into practice. In trustworthy situations, users no longer need a password, since a query of the device identity ensures that sensitive data is secure.
Webinar on Mobile Security
In our free webinar you will learn in detail about the dangers for companies and what you should consider when securing your end devices.
Learn how to take effective security precautions, detect and fend off attacks at an early stage and how you can quickly take countermeasures in case of an incident. You will also learn how security and usability can be realized equally.
We would be happy to advise you individually and help you to take the appropriate precautions for your company.