BYOD and mobile device security best practices

Get the latest news, advice and information on Bring Your Own Device (BYOD) security. Learn about how BYOD security policies and mobile device security best practices can prevent attacks, and stay up to date on the most pressing mobile threats such as OS vulnerabilities and malicious apps.

Top Stories

News 30 Sep 2021
Researchers hack Apple Pay, Visa 'Express Transit' mode

Academic researchers discover an attack technique that enables them to make fraudulent transactions on locked iPhones when Apple Pay and Visa cards are set up for transit mode. Continue Reading
By
- Arielle Waldman, News Writer
News 12 May 2021
Hacker makes short work of Apple AirTag jailbreak

A security researcher discovered a jailbreaking method for Apple's new mobile locating tracking devices, which were introduced just last month. Continue Reading

News 12 May 2021
Hacker makes short work of Apple AirTag jailbreak

A security researcher discovered a jailbreaking method for Apple's new mobile locating tracking devices, which were introduced just last month. Continue Reading
By
- Shaun Nichols
Tip 30 Jun 2020
3 must-ask post-pandemic questions for CISOs

The worldwide health pandemic has created multiple challenges for today's CISOs and their security teams. Ask these three questions to stay safe in a post-pandemic workplace. Continue Reading
By
- Jessica Groopman, Kaleido Insights
Feature 27 May 2020
Top 3 advantages of smart cards -- and potential disadvantages

As smart card adoption increases, it is prudent to take a closer look at how this technology can improve data security. Here, read more about the benefits of smart cards. Continue Reading
By
- Katie Donegan, Social Media Manager
- Joel Snyder, Opus One
Tip 18 May 2020
How to balance secure remote working with on-site employees

Post-pandemic, organizations must strike the right balance between on-site and remote work security. Here's how to make sure your cybersecurity program is prepared. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Feature 22 Jan 2020
Ownership scenario should dictate mobile device policies

The policies organizations should deploy for BYOD devices compared to kiosk devices are very different. Learn how organizations should approach these policy decisions. Continue Reading
By
- John Powers, Senior Site Editor
Feature 01 Aug 2019
New tech steers identity and access management evolution

IAM is evolving to incorporate new technologies -- like cloud-based services and containerization -- promising more secure, granular management of access to company IT assets. Continue Reading
By
- Alissa Irei, Senior Site Editor
Opinion 01 Aug 2019
Is your identity management up to the task?

IAM is an organization's best defense for its weakest link, end users. Make sure you're following the right framework and keeping your tools honed and ready for battle. Continue Reading
By
- Ben Cole, Executive Editor
E-Zine 01 Aug 2019

Managing identity and access well unlocks strong security

Continue Reading
Tip 19 Jul 2019
Apple and Google simplify BYOD management with new OSes

IT must weigh user privacy and endpoint security when it shapes its BYOD policies. Luckily, new features in iOS 13 and Android Q make this balance easier for IT to strike. Continue Reading
By
- Colm Warner
Answer 19 Jun 2019
What can IT do to enhance Android security?

Android is just as secure as its competitors' OSes, but IT should still remain vigilant. Here are three ways to secure Android devices for the enterprise. Continue Reading
By
- Jack Gold, J.Gold Associates, LLC.
News 17 May 2019
How Google turned 1.5 billion Android phones into 2FA keys

Google product manager Christiaan Brand discusses the journey to making 1.5 billion Android devices work as 2FA security keys and the plan for the future. Continue Reading
By
- Michael Heller, TechTarget
News 08 May 2019
Google I/O 2019 keynote brings focus on security and privacy

After being a no-show at last year's conference, security and privacy improvements were big themes at Google I/O's first day, including discussion on federated learning. Continue Reading
By
- Michael Heller, TechTarget
News 31 Dec 2018
Why dating app security flaws should concern enterprises

Vulnerable dating apps on BYODs pose risks to more than just individual users. Find out what security flaws are common in these apps and what they mean for enterprises. Continue Reading
By
- Lena Young, Editorial Assistant
Tip 13 Dec 2018
How a flaw in Apple DEP misuses an MDM server

Hackers are able to enroll their devices in an organization's MDM server via a flaw in Apple DEP. Expert Michael Cobb explains how hackers conduct these attacks. Continue Reading
By
- Michael Cobb
Answer 06 Dec 2018
How can users remove Google location tracking completely?

Disabling Google location tracking involves more than turning off Location History. Learn how to manage your account settings to stop tracking entirely with expert Michael Cobb. Continue Reading
By
- Michael Cobb
Answer 12 Sep 2018
How does Android Protected Confirmation provide security for users?

Android P integrates Android Protected Confirmation, which provides sufficient trust in the authentication process. Learn more about this new feature with expert Michael Cobb. Continue Reading
By
- Michael Cobb
Answer 10 Sep 2018
How does the Android Rowhammer exploit affect users?

Android Rowhammer is a hardware weakness in older devices that puts users at risk of remote exploits. Expert Michael Cobb explains why it's important to upgrade to newer devices. Continue Reading
By
- Michael Cobb
Tip 25 Jul 2018
Combat mobile device security threats at home and abroad

Employees that travel for business face a higher risk of a mobile security breach. Take these steps to ensure that your mobile device fleet is secure. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Feature 03 Jul 2018
How to manage security threats to mobile devices

As mobile device security threats increase, IT administrators should know what they are up against and develop strategies to secure mobile devices from cyber attacks. Continue Reading
By
- Kristen Gloss
News 22 Jun 2018
Unprotected Firebase databases leaked over 100 million records

Android and iOS mobile apps that use unprotected Firebase databases leaked over 100 million records that include PHI, financial records and authentication information. Continue Reading
By
- Madelyn Bacon, TechTarget
News 06 Jun 2018
Apple iOS 12 USB Restricted Mode to foil thieves, law enforcement

A rumored security feature, USB Restricted Mode, is making its premiere in Apple's iOS 12 and will protect users from brute-force passcode attacks by thieves and law enforcement alike. Continue Reading
By
- Michael Heller, TechTarget
Answer 28 May 2018
How did Strava's Global Heatmap disclose sensitive U.S. info?

Fitness tracking app Strava released its Global Heatmap that unknowingly disclosed routes of U.S. soldiers. Discover how this happened and how geolocation data can be blocked. Continue Reading
By
- Judith Myerson
News 21 Feb 2018
Android Enterprise Recommended touts quick security updates

Google's new program certifies devices that meet minimum hardware requirements, provide regular Android security updates and offer a consistent management experience. Continue Reading
By
- Colin Steele
Tip 08 Feb 2018
Mobile security issues require a unified approach

Security gaps in mobile devices can be many and varied, but they must be addressed immediately. Unified endpoint management is the next-gen way to close the gaps. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Tip 08 Feb 2018
Counter mobile device security threats with unified tools

Attacks on enterprise mobile endpoints are more lethal than ever. To help infosec pros fight back, enterprise mobile management has unified to fortify defenses. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Feature 08 Jan 2018
The top six EMM vendors offering MDM capabilities

With vendors expanding their horizons from just MDM to more comprehensive EMM products, it is crucial to look at these EMM vendors who offer MDM capabilities. Continue Reading
By
- Matthew Pascucci
Feature 08 Jan 2018
Comparing the leading mobile device management products

Expert Matt Pascucci examines the top mobile device management offerings to help you determine which MDM products are the best fit for your organization. Continue Reading
By
- Matthew Pascucci
Feature 05 Jan 2018
Six questions to ask before buying enterprise MDM products

Mobile device management can be a crucial part of enterprise security. Expert Matt Pascucci presents the key questions to ask when investigating MDM products. Continue Reading
By
- Matthew Pascucci
Answer 05 Jan 2018
Unknown apps: How does Android Oreo control installation?

Android Oreo replaced the allow unknown sources setting with a new feature that enables users to selectively install unknown apps. Kevin Beaver explains what this change means. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Feature 04 Jan 2018
Three enterprise scenarios for MDM products

Expert Matt Pascucci outlines three enterprise uses cases for mobile device management products to see how they can protect users, devices and corporate data. Continue Reading
By
- Matthew Pascucci
Answer 02 Jan 2018
Broadpwn flaw: How does the new iOS exploit compare?

An iOS exploit similar to the Broadpwn flaw was recently developed by a researcher at Google's Project Zero. Expert Kevin Beaver explains what the exploit is and how it works. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Answer 14 Dec 2017
Which 4G vulnerabilities should BYOD users be aware of?

Enterprises should consider pressing 4G vulnerabilities when developing a BYOD strategy for their employees. Expert Judith Myerson explains the flaws and what to do about them. Continue Reading
By
- Judith Myerson
Answer 07 Dec 2017
BlueBorne vulnerabilities: Are your Bluetooth devices safe?

Armis Labs discovered a series of vulnerabilities that enables remote connection to Bluetooth devices. Learn more about the BlueBorne vulnerabilities with expert Matt Pascucci. Continue Reading
By
- Matthew Pascucci
Answer 05 Dec 2017
iOS updates: Why are some Apple products behind on updates?

A study by Zimperium found that more than 23% of iOS devices aren't running the latest software. Matt Pascucci explains how this is possible, even though Apple controls iOS updates. Continue Reading
By
- Matthew Pascucci
Podcast 15 Nov 2017
Risk & Repeat: App store security measures falling short

In this week's Risk & Repeat podcast, SearchSecurity editors discuss the recent discovery of a fake WhatsApp app in the Google Play Store and what that means for app store security. Continue Reading
By
- Rob Wright, Senior News Director
Tip 08 Nov 2017
Need help making Wi-Fi secure? Consider some 'classic' approaches

Keeping your Wi-Fi secure is a challenge, to say the least. Security hasn't kept up with Wi-Fi advances, but there are steps you can take to keep your Wi-Fi network protected. Continue Reading
By
- Lee Badman
Answer 20 Oct 2017
What knowledge factors qualify for true two-factor authentication?

Can two-factor authentication be applied to a mobile device that's used as a 2FA factor? Michael Cobb explores the different knowledge factors and uses for mobile devices. Continue Reading
By
- Michael Cobb
Answer 16 Oct 2017
How does Google Play Protect aim to improve Android security?

Google's new security platform, Google Play Protect, looks to decrease Android app security threats through machine learning. Michael Cobb explains how the new platform works. Continue Reading
By
- Michael Cobb
Answer 05 Sep 2017
Should an enterprise BYOD strategy allow the use of Gmail?

Using personal Gmail accounts for business purposes is not a secure enterprise BYOD strategy. Expert Matthew Pascucci discusses why companies should avoid implementing this tactic. Continue Reading
By
- Matthew Pascucci
Answer 28 Jul 2017
Samsung Knox platform: Can it improve Android device security?

Application security expert Michael Cobb discusses the Samsung Knox platform and its ability to improve Android device security in the enterprise. Continue Reading
By
- Michael Cobb
Answer 14 Jul 2017
Android sandboxing tools: How can work data separation be bypassed?

Android for Work's sandboxing tools, which split work and personal profiles, can be bypassed with a proof-of-concept attack. Expert Michael Cobb explains how the attack works. Continue Reading
By
- Michael Cobb
News 07 Jul 2017
Flawed Broadcom Wi-Fi chipsets get a fix, but flaw remains a mystery

Broadpwn, a flaw in Broadcom Wi-Fi chipsets, is patched, but Google withholds details. Plus, the latest in the antivirus drama between the U.S. and Russia, and more. Continue Reading
By
- Madelyn Bacon, TechTarget
05 Jul 2017

Mobile security trends: app containers, app wrapping for BYOD

Continue Reading
Tip 06 Jun 2017
How mobile application assessments can boost enterprise security

Mobile application assessments can help enterprises decide which apps to allow, improving security. Christopher Crowley of the SANS Institute discusses how to use app assessments. Continue Reading
By
- Christopher Crowley
News 26 May 2017
Artificial intelligence data privacy issues on the rise

End users are in the crosshairs of business data privacy issues, especially when it comes to information gleaned from artificial intelligence technologies. Continue Reading
By
- Alyssa Provazza, Editorial Director
Tip 17 May 2017
What the end of hot patching mobile apps means for enterprise security

Apple now restricts mobile app developers from using hot patching, as the technique can change app behavior after it is reviewed. Expert Kevin Beaver goes over enterprise concerns. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Guide 04 May 2017

Mobile endpoint security: What enterprise infosec pros must know now

Do you know how to take care of mobile endpoint security in your enterprise? This guide walks you through all aspects of the issue, from policy and strategy to emerging threats. Continue Reading
Answer 05 Apr 2017
Insecure OAuth implementations: How are mobile app users at risk?

Mobile apps using insecure OAuth could lead to over one billion user accounts being attacked. Expert Michael Cobb explains how developers can implement OAuth securely. Continue Reading
By
- Michael Cobb
Tip 28 Mar 2017
Android VPN apps: How to address privacy and security issues

New research on Android VPN apps revealed the extent of their privacy and security flaws. Expert Kevin Beaver explains how IT professionals can mitigate the risks. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Answer 20 Mar 2017
Pork Explosion Android flaw: How is it used to create a backdoor?

The Pork Explosion vulnerability present in some Foxconn-created app bootloaders can be used to create an Android backdoor. Expert Nick Lewis explains how the flaw works. Continue Reading
By
- Nick Lewis
Answer 09 Feb 2017
How did iOS 10 security checks open brute force risk on local backups?

A password-verification flaw in iOS 10 allowed attackers to decrypt local backups. Expert Michael Cobb explains how removing certain security checks led to this vulnerability. Continue Reading
By
- Michael Cobb
Answer 04 Jul 2016
How can the AirDroid app phone hijacking be prevented?

A vulnerability in the AirDroid device manager app left users at risk of phone hijacking. Expert Michael Cobb explains how the exploit works, and what can be done to prevent it. Continue Reading
By
- Michael Cobb
Answer 13 Apr 2016
How does the M-Pesa service work and what are the risks?

How does mobile microfinancing service M-Pesa allow users to make transactions without a bank account? Expert Michael Cobb explains how it works and M-Pesa security measures. Continue Reading
By
- Michael Cobb
Answer 01 Mar 2016
Outdated apps: What are the best ways to address them?

Dead and outdated apps can pose serious security risks for enterprises. Expert Nick Lewis explains how to find and remove dead apps before they become a problem. Continue Reading
By
- Nick Lewis
Feature 11 Nov 2015
Lessons in mobile data loss protection for enterprise IT pros

With mobile devices everywhere in the enterprise now, learning tactics for data loss protection must become an IT priority. Continue Reading
By
- Lisa Phifer, Core Competence
News 28 Aug 2015
Internet of Things security concerns prompt boost in IoT services

News roundup: As Internet of Things concerns become an enterprise reality, one vendor is quick to offer IoT services to combat the risks. Plus: 1% of users create 75% of the risk; Target pays up; Apple devices improperly secured in the enterprise. Continue Reading
By
- Sharon Shea, Executive Editor
Answer 13 Aug 2015
How can I mitigate the risks of alternative Android browsers?

Expert Michael Cobb explains the security risks surrounding alternative Web browsers, as well as approaches enterprises can take to prevent BYOD employees from using them. Continue Reading
By
- Michael Cobb
Tip 09 Jan 2015
What is endpoint security? What benefits does it offer?

The increased number of smartphones, laptops and other endpoints in the enterprise is a major security concern. Learn what endpoint security is and how it can help combat your enterprise security woes. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Tip 07 Jan 2015
Detecting backdoors: The Apple backdoor that never was?

The debate over the purported Apple backdoor leaves enterprises asking, "When is a backdoor not a backdoor?" Application security expert Michael Cobb explains the difference. Continue Reading
By
- Michael Cobb
Tip 11 Jun 2014
Are malicious mobile apps a mere inconvenience or a real threat?

How big a security threat are the malicious mobile apps riding into your enterprise on employees' mobile devices? Continue Reading
By
- Michael Cobb
Quiz 22 Feb 2013
Quiz: Managing BYOD endpoint security

In this six question quiz, test your knowledge of our Security School lesson on managing BYOD endpoint security. Continue Reading
By
- Craig Mathias
Tip 10 Jan 2013
BYOD security: How to remotely wipe iPhone and Android devices

Remote data wipe is key to any BYOD security policy, but each OS handles it differently. Lisa Phifer covers how to use it with other controls to protect data. Continue Reading
By
- Lisa Phifer, Core Competence
News 28 Jun 2012

Putting the mobile botnet threat in perspective

While lucrative mobile botnets do exist, Industry experts provide a perspective on seems to be a relatively small mobile botnet threat. Continue Reading
Tip 07 May 2012
Examining Kindle Fire security, Silk browser security in the enterprise

Do Kindle Fire security issues, combined with weak Silk browser security, make the red-hot consumer device too risky for enterprises? Michael Cobb explains. Continue Reading
By
- Michael Cobb
News 03 Apr 2012

Experts say it's time for a mobile security review

There are many mobile device management (MDM) platforms, but they may be unnecessary if you can use the security features native to the devices. Continue Reading
News 21 Mar 2012

Top 10 mobile risks list highlights fundamental weaknesses

An OWASP team has unveiled a non-hyped list of weaknesses and how to properly mitigate them. Continue Reading
News 15 Mar 2012

NSA mobile security plan could be industry roadmap

Tight controls over the mobile device and the use of VPN tunnels could be employed in enterprise mobile security plans. Continue Reading
News 06 Mar 2012

What are the best Android mobile security apps?

A security testing firm analyzed the malware detection capabilities in dozens of Android mobile security apps. Only 17 made the trustworthy list. Continue Reading
News 09 Dec 2011

Special report: 'Eye On' mobile security

SearchSecurity.com's news team explores the challenges and technologies enterprises must know to successfully manage mobile security. Continue Reading
News 06 Dec 2011

Symantec launches mobile security evaluation, app assessment services

Security assessment reviews an organization’s mobile security policies and technologies, evaluating the mobile security posture against a set of 15 core elements. Continue Reading
News 01 Aug 2011

Gartner: Mobile device management products demand risk analysis

At the research firm's Gartner Symposium event, an analyst warned of mobile device management products’ abundant features and the need for a risk analysis. Continue Reading
News 29 Jun 2011

Fight mobile attacks, data loss risks by locking down devices

Mobile malware has been minimal, but attackers are developing attacks that target smartphones to gain access to sensitive data, says security luminary Winn Schwartau. Continue Reading
News 29 Jun 2011

Security risks prompt retooling of enterprise mobile security strategy

Cybercriminals will find ways to bypass native security restrictions on smartphones and other devices, says security luminary Winn Schwartau. Continue Reading
Tutorial 06 May 2011

Webcast: Mobile security policy must-haves

Lost or stolen devices are currently the most imposing threat to data on mobile platforms. With more employees doing business on smartphones and tablet computers, security teams are being tasked with keeping the email and application data on those phones and other devices secure. In this presentation, Lisa Phifer explores the legal and liability issues surrounding data on smartphones and tablets as well as personal use and personal data conditions. Phifer will discuss security apps for mobile devices, authentication options and procedures for reporting lost or stolen devices. Continue Reading
Tutorial 05 May 2011

Mobile security policy must-haves

In this presentation, Lisa Phifer explores the legal and liability issues surrounding data on smartphones and tablets as well as security apps for mobile devices, authentication options and procedures for reporting lost or stolen devices. Continue Reading
Podcast 05 May 2011

Fact or fiction: Mobile device attacks

Access this podcast to find out how to avoid mobile threats, and discover which of the top five myths about mobile security are true and which are false. Continue Reading
News 05 Apr 2011

iPad management: Securing iPads in a regulated world

An IT security manager was tasked with locking down new iPads in his organization. Learn how one infosec pro took charge of iPad security. Continue Reading
News 31 Mar 2011

Mobile app attempts vigilante justice

A new Android application discovered by Symantec attempts to discipline users that download files illegally from unauthorized sites. Continue Reading
Answer 28 Feb 2011
Can smartphones get viruses and spread them to the network?

Today's powerful smartphones can sometimes spread viruses to the corporate network. Learn how it can happen and how to prevent it. Continue Reading
By
- Michael Cobb
News 09 Dec 2010

Winn Schwartau on securing mobile devices

Security luminary Winn Schwartau talks about the threats posed by the growing use of smartphones in the workplace and the stuggles faced by IT professionals to properly secure them. Continue Reading
Tip 06 Oct 2010
How to secure GSM phones against cell phone eavesdropping

Every enterprise has mobile phones, and, due to a recent attack demonstrated by Chris Paget at Defcon, every enterprise is now open to the possibility of data theft or mobile DoS attacks. Learn more about the growing threats of cell network eavesdropping and spoofing. Continue Reading
By
- Nick Lewis
News 04 Aug 2010

iPhone jailbreaking exploit sparks mobile security concerns

The emergence of an exploit used by a website for iPhone "jailbreaking" has prompted security researchers to issue warnings about smartphone security. Continue Reading
News 09 Feb 2010

Spyware code targets BlackBerry users

Newly released proof-of-concept code could be tweaked for use on almost any device and demonstrates the need for caution with mobile applications. Continue Reading
Tip 21 Oct 2008
Recovering stolen laptops one step at a time

When a student's laptop was stolen last year on a university campus, police and IT investigators went to work, recovering it within a matter of weeks. Neil Spellman, one of the investigators on the case, offers some best practices on what to do if a laptop is taken, and how to prevent theft in the first place. Continue Reading
By
- Neil Spellman, Contributor
Answer 16 Apr 2008
Should iPhone email be sent without SSL encryption?

SSL encrypts all of the communication between your iPhone and your mail server. Network security expert Mike Chapple explains how important that feature really is. Continue Reading
By
- Mike Chapple, University of Notre Dame