Mobile/IoT devices are the most vulnerable endpoints or entry points to network and enterprise systems. 56% of companies say IoT and mobile devices are the most vulnerable endpoint of their organization’s networks and enterprise systems
– Ponemon Institute’s 2017 State of Cybersecurity in Small & Medium-Sized Businesses (SMB)
The flexible workplace concept, with its myriad advantages, has one disadvantage that could pose the biggest risk for any enterprise.
With the spread of mobile devices among enterprise workers, the ability to control access and secure data on wirelessly connected devices has slackened. Most mobile devices operate over Wi-Fi, and many employee devices carry sensitive company data, or at least access to that sensitive data.
So the tradeoff between productivity and security is what companies are grappling with today.
But to strike the right balance in that tradeoff, we need to know: what exactly are the risks?
First and foremost, an attacker intent on data theft can set up an illegitimate access point disguised as a legitimate one. Placed within range of an existing wireless network, it fools users into connecting and thereby gains access to their data. An employee could create this risk deliberately, through a slip-up, or even through theft of a device. Although such rogue access points are easier to identify and hence short-lived, they are a huge threat for whatever quantity of data is lost.
Another risk comes from what are referred to as ‘man in the middle’ attacks. These are orchestrated by experienced and knowledgeable attackers, who place a device of their own between the users and the wireless network. With the right technical loophole exploited, and the right plan among the many ways this can be carried out, it can be a big risk for a company.
The most common way is through the Address Resolution Protocol (ARP), which all TCP/IP networks use. ARP does not authenticate replies, so an attacker can send an ARP response pairing the IP address of a legitimate network device with the MAC address of the rogue device (i.e. the attacker’s device). This causes the legitimate devices on the enterprise network to update their IP-address-to-MAC-address mapping tables with the false MAC address. From then on, all traffic for that IP address is sent to the attacker’s device until a new ARP response carrying the legitimate MAC address is received.
This is a more serious and sophisticated way of compromising data through a mobile wireless device.
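The ARP cache poisoning described above leaves a visible trace: an IP address that suddenly maps to a different MAC address, and often one MAC address answering for several IP addresses. The following detector, added here as an illustration and not code from the original article, walks a constructed tcpdump-style capture of ARP replies, keeps the IP-to-MAC table the text describes, and raises an alert whenever a binding changes, whenever a binding for a known-good device (passed in as `trusted`) is overridden, and whenever one MAC claims more than one IP. The sample log lines, IP addresses and MAC addresses are all made up for the example.

```python
import re
from collections import defaultdict

# Constructed sample capture in tcpdump-style "ARP, Reply <ip> is-at <mac>" form.
# Hosts, addresses and timestamps are invented for this example. Line 3 shows a
# rogue device taking over 10.0.0.1; line 5 shows the legitimate reply restoring it.
SAMPLE_ARP_LOG = """\
12:00:01.000000 ARP, Reply 10.0.0.1 is-at 00:11:22:33:44:01, length 28
12:00:02.000000 ARP, Reply 10.0.0.20 is-at 00:11:22:33:44:20, length 28
12:00:03.000000 ARP, Reply 10.0.0.1 is-at de:ad:be:ef:00:99, length 28
12:00:04.000000 ARP, Reply 10.0.0.20 is-at de:ad:be:ef:00:99, length 28
12:00:05.000000 ARP, Reply 10.0.0.1 is-at 00:11:22:33:44:01, length 28
"""

ARP_REPLY_RE = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"is-at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)


def parse_arp_replies(text):
    """Yield (timestamp, ip, mac) for every ARP reply line; other lines are ignored."""
    for line in text.splitlines():
        m = ARP_REPLY_RE.match(line)
        if m:
            yield m.group("ts"), m.group("ip"), m.group("mac").lower()


def detect_arp_spoofing(text, trusted=None):
    """Replay ARP replies against an IP->MAC table and report suspicious changes.

    `trusted` is an optional dict of known-good IP->MAC bindings (for example the
    default gateway). Returns (alerts, final_table).
    """
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    table = dict(trusted)               # what each IP is currently believed to map to
    macs_to_ips = defaultdict(set)      # which IPs each MAC has claimed so far
    alerts = []

    for ts, ip, mac in parse_arp_replies(text):
        prev = table.get(ip)
        if prev is not None and prev != mac:
            if ip in trusted and mac != trusted[ip]:
                kind = "trusted_binding_violated"      # the classic poisoning signature
            elif ip in trusted:
                kind = "restored_trusted_binding"      # legitimate reply won the race back
            else:
                kind = "mac_changed"                   # a flip on a host we had no policy for
            alerts.append({"time": ts, "kind": kind, "ip": ip,
                           "old_mac": prev, "new_mac": mac})
        table[ip] = mac

        # One MAC answering for several IPs is a strong (though not infallible: routers
        # and virtual IPs do this legitimately) indicator of a spoofing device.
        macs_to_ips[mac].add(ip)
        if len(macs_to_ips[mac]) > 1:
            alerts.append({"time": ts, "kind": "mac_claims_multiple_ips",
                           "mac": mac, "ips": sorted(macs_to_ips[mac])})

    return alerts, table


if __name__ == "__main__":
    found, final = detect_arp_spoofing(SAMPLE_ARP_LOG,
                                       trusted={"10.0.0.1": "00:11:22:33:44:01"})
    for a in found:
        print(a)
```

On a real network the input would come from a capture tool or from periodic snapshots of the hosts' own ARP caches; the point of passing `trusted` is that the binding for the gateway is the one most worth pinning, because that is the mapping an attacker has to overwrite to sit between users and the wireless network.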
In most cases, an enterprise’s security team sets policies and processes that regulate the use of wireless on office-connected devices outside the company premises. In a controlled security environment, it is easier to identify risks and control risky behaviour. But once outside the building, employees may connect to a public network with far weaker security. There is not much that can be done to control this risk except to create and enforce stringent usage policies for office devices, but what of personal devices? The vulnerability is hence very real!
There are also risks like the “evil twin”, an access point that looks and behaves very much like a legitimate one, so the network can be compromised without anyone’s knowledge. Wi-Fi networks are especially vulnerable to this type of attack, and a mobile device that carries employee data or connects to a company database can be a huge risk.
So what is the way around these?
Avoiding Wi-Fi altogether is not an option in today’s day and age. The only thing within an enterprise’s purview is to control access to the wireless network from enterprise-owned mobile devices. Most enterprise-grade mobile devices offer endpoint protection. Some offer additional security features to safeguard wireless connections, along with multilevel protection using IDS/IPS, a firewall and web security.
These are imperative for enterprise devices, since there is no other way to identify and mitigate the risk, especially as companies need to allow employees to connect from remote locations.
The more feasible way is for the organization’s IT administrators to control which wireless networks users can connect to, and to use endpoint encryption technologies, especially when the wireless connection is public.
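The evil twin risk above and the recommendation here to control which wireless networks a device may join are two sides of one policy: approve networks by SSID, BSSID and security type, not by SSID alone. The following example is added here and is not code from the original article or from any particular endpoint product. It classifies a constructed Wi-Fi scan against a hypothetical approved-network policy and contrasts the usual "join the strongest access point for a known SSID" behaviour with a policy-driven choice. The policy, SSIDs, BSSIDs and signal values are invented for the example.

```python
# Hypothetical approved-network policy: SSID -> approved BSSIDs and required security.
# Values are constructed for this example.
APPROVED_NETWORKS = {
    "CorpWiFi": {
        "bssids": {"00:1a:2b:3c:4d:01", "00:1a:2b:3c:4d:02"},
        "security": "WPA2-Enterprise",
    },
}

# Constructed scan result: what a device might see in an office lobby.
# Entries 2 and 3 reuse the corporate SSID from unknown BSSIDs (one of them even
# keeps the right security type); entry 4 is an unrelated open public network.
SAMPLE_SCAN = [
    {"ssid": "CorpWiFi", "bssid": "00:1a:2b:3c:4d:01", "security": "WPA2-Enterprise", "signal_dbm": -55},
    {"ssid": "CorpWiFi", "bssid": "de:ad:be:ef:00:01", "security": "Open", "signal_dbm": -40},
    {"ssid": "CorpWiFi", "bssid": "de:ad:be:ef:00:02", "security": "WPA2-Enterprise", "signal_dbm": -45},
    {"ssid": "CoffeeShop_Free", "bssid": "aa:bb:cc:00:00:01", "security": "Open", "signal_dbm": -60},
]


def classify_network(net, policy=APPROVED_NETWORKS):
    """Return one of: approved, suspected_evil_twin, untrusted, untrusted_open."""
    entry = policy.get(net["ssid"])
    if entry is None:
        # Not a corporate SSID at all; open networks get their own label because
        # they are the public hotspots the text warns about.
        return "untrusted_open" if net["security"] == "Open" else "untrusted"
    if net["bssid"].lower() in entry["bssids"] and net["security"] == entry["security"]:
        return "approved"
    # Corporate SSID from an unknown BSSID, or with downgraded security: evil twin signature.
    return "suspected_evil_twin"


def strongest_bssid(scan, ssid):
    """What a naive auto-join does: pick the strongest AP advertising the SSID."""
    candidates = [n for n in scan if n["ssid"] == ssid]
    if not candidates:
        return None
    return max(candidates, key=lambda n: n["signal_dbm"])["bssid"]


def policy_bssid(scan, ssid, policy=APPROVED_NETWORKS):
    """Policy-driven join: strongest AP among those the policy actually approves."""
    candidates = [n for n in scan
                  if n["ssid"] == ssid and classify_network(n, policy) == "approved"]
    if not candidates:
        return None
    return max(candidates, key=lambda n: n["signal_dbm"])["bssid"]


def join_decisions(scan, policy=APPROVED_NETWORKS, allow_untrusted=False):
    """Per-network verdicts; `allow_untrusted` models a looser policy for personal devices."""
    out = []
    for net in scan:
        verdict = classify_network(net, policy)
        allowed = verdict == "approved" or (allow_untrusted and verdict == "untrusted")
        out.append({"ssid": net["ssid"], "bssid": net["bssid"],
                    "verdict": verdict, "allowed": allowed})
    return out


if __name__ == "__main__":
    for d in join_decisions(SAMPLE_SCAN):
        print(d)
    print("naive join  :", strongest_bssid(SAMPLE_SCAN, "CorpWiFi"))
    print("policy join :", policy_bssid(SAMPLE_SCAN, "CorpWiFi"))
```

The naive choice lands on the strongest transmitter, which in the sample is the open evil twin, while the policy choice ignores every unapproved BSSID regardless of signal. Pinning BSSIDs does mean the policy has to be updated when access points are replaced, which is the operational cost of the control the text recommends.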