There's been a fair amount of discussion about whether mobile devices need antimalware protection. With my employees...
using their own devices at work, for work, I want to make sure my company is adequately protected. Is the antimalware investment a necessary one? If not, is there a better product to use?
Over the past decade, mobile device management and mobile security have been two extremely difficult issues for enterprises to address. Whether an investment in antimalware is necessary might be the wrong question to ask. There are many different risks presented by mobile devices, and organizations would be wise to perform a threat assessment to better understand which threats are the highest risks for their specific business and therefore a priority to address.
The potential list of attacks against mobile devices for enterprises is very long, but the list of attacks or security incidents that make the news is relatively short. The most common mobile security threat to enterprises is lost or stolen devices. And the truth of the matter is that antimalware will not help if a device is lost or stolen and doesn't have basic mobile device security controls implemented on it, such as a PIN or remote wipe capabilities. If your organization does not require a PIN or hasn't adopted remote wipe yet, I would say these are higher priorities than antimalware.
Implementing a mobile device management (MDM) tool that includes antimalware along with other security controls (e.g., PIN enforcement, remote wipe, encryption or containerization) might be a good enterprise investment. However, before evaluating MDM tools, enterprises should ask a number of questions:
- Do we have an inventory of mobile devices to secure?
- Will the tool be implemented on employee-owned devices?
- Will our employees allow us to install such a tool on their personally owned devices?
If you cannot answer these questions, deciding to implement a mobile device management tool might not actually provide the protection expected.
Ask the Expert!
Perplexed about enterprise security? Send Nick Lewis your questions today! (All questions are anonymous.)
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help ... Continue Reading
Island hopping attacks create enterprise risk by threatening their business affiliates. Here's how to create an incident response plan to mitigate ... Continue Reading
Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and... Continue Reading