It’s hard to imagine today, but in mid-2021, many companies were anticipating an imminent return to the office for most of the workforce. Instead, remote work has become a firmly established part of business, with 58% of Americans working from home at least part of the time. Clearly, remote work is here to stay, along with the cybersecurity risk it introduces. And there’s plenty of risk, especially with remote workers using mobile devices (including personal mobile devices) for work.
Of course, using a mobile device—even a personal mobile device—for work is nothing new. The issue is that so many devices are now being used specifically for remote work. That puts the devices and their users far beyond the secure perimeter of the traditional workplace—and not just occasionally, but most or all of the time.
If you think that sounds risky, you’re right.
Among the organizations surveyed for the latest edition of the Verizon Mobile Security Index:
- 79% agreed remote work adversely affected their cybersecurity
- 45% had experienced mobile-related compromise (twice as many as in 2021)
- 73% of those that experienced mobile-related compromise described it as “major”
It’s no stretch, then, to say that using mobile devices for work increases the risk of an organization being compromised by a mobile security failure. Not only that, but when such a failure is associated with mobile work, the cost to a business’ security, brand, and bottom line can be even greater: it can have both security and economic consequences for the organization. According to the 2022 Cost of a Data Breach report from IBM Security and Ponemon Institute, when remote work is a factor in a data breach, the cost of the breach is higher than average.
These trends—and the fallout from major security incidents—are driving many organizations to move toward zero trust-architecture and verify every access request in real-time.
Given the grim statistics, organizations are right to fear the cybersecurity impact of mobile devices, especially when used for remote work, and to want to do whatever they can to limit that impact. As with many security challenges, addressing the problem starts with awareness. If you don’t know about a mobile security threat, how can you take steps to limit the damage it can do? And if you don’t know about it soon enough to respond immediately, how bad will the damage get before your security team can act?
These are the questions RSA® Mobile Lock is designed to answer. By constantly scanning for high-risk security threats, RSA Mobile Lock can help establish device trust. And if a threat does emerge, Mobile Lock will stop it from spreading. Moreover, by scanning users’ devices, Mobile Lock moves their personal phones and tablets as well as their organizations’ overall security postures closer to zero trust.
We developed Mobile Lock in partnership with Zimperium a global leader in mobile device and app security. Zimperium excels at mobile protection: by combining their expertise with the authentication capabilities that RSA does best, we provide customers with a holistic value solution and broaden our platform to account for urgent cybersecurity vulnerabilities.
When a cyberattacker targets a mobile device, the user may have no idea their device is even at risk. RSA Mobile Lock detects critical threats on mobile devices and notifies the user and the IT team that the threat is present. But beyond that, it can also immediately prevent the user from continuing to authenticate into the secured work environment—so the threat can’t move beyond one device to reach other sensitive data and systems across the organization. Meanwhile, the security team can undertake investigation and remediation.
The best part? Users don’t need to install any new apps or configure any resources. Mobile Lock is embedded in the RSA mobile application already deployed on millions of mobile devices.
While mobile security for a remote workforce is important for any organization, it is especially critical for security-sensitive business sectors in which remote operations pose especially high risk, such as financial services. (Cuidados de Saúde is another prime example.) A 2020 International Monetary Fund (IMF) cybersecurity report specifically cautioned financial services organizations about the risks resulting from remote work. The report specifically warned about weak authentication and made recommendations consistent with a least-privilege/zero-trust approach to security, such as allowing remote authentication and access only when specifically required.
In developing RSA Mobile Lock, we worked closely with many large financial services organizations to address the sector’s particular vulnerabilities and to deliver capabilities to meet their most critical mobile security needs. We worked together to identify the types of threats that would be of greatest concern to this and other organizations in the industry, and we prioritized those threats for detection by RSA Mobile Lock.