As anxiety about cybersecurity continues to rise, information governance staff are left with the tough task of securing mobile devices. Crafting a mobile device policy that accounts for both the demands for constant access to both client communication and work product as well as the imperatives to keep company or firm data safe can be a tough line to tow.

Mobile security company Wandera recently released its “Mobile Wifi Security Report.” Drawn from customer data, the report suggests that wireless access on mobile devices can introduce new security vulnerabilities for users. The report found that Wi-Fi access accounts for 74 percent of all wireless data access across an average of 12 different wireless connections per day.

“From our experience we find that people are more susceptible to threats like phishing on mobile,” Dan Cuddeford, Wandera director of sales engineering and author of the report, told LTN. “Generally we offer more trust to our mobile devices.”

Cuddeford pointed to a number of reasons this might be the case. Generally, users interact online through mobile apps, which tend to mask how and where they send information. Unlike computer web browsers, where you can generally see and customize where information is sent, apps run such interactions behind the scenes.

Additionally, as smartphones have become more comprehensive in the services they offer, users have acclimated to using their mobile devices for personal, more casual use, even when devices are owned or operated on company networks.

Connecting devices to the internet via wireless networks as opposed to cellular data amplifies some of their vulnerabilities to network intrusions. Cellular connectivity is generally encrypted by default, making it more difficult to access information, whereas wireless networks tend to have a wide variety of different security protocols in place.

That said, it's not particularly practical to force all interaction through a cellular network, or even through a VPN. Cellular charges can get pretty expensive abroad. And while VPN's offer a way to funnel mobile devices into a secure line, they also introduce access points to companies' internal networks.

“The problem is what you're really doing then is you're not bringing the mobile into the network, you're actually extending your network into multiple different points,” he explained.

Mobile device policies are starting to become more popular as a way to combat this insecurity. “It's certainly maturing,” Cuddeford said of these policies. “I think a couple years ago the average was no policy whatsoever. Especially around the professionals, they didn't want to limit them from their jobs and they didn't want to start putting policies in place.”

Consistent with this concern, mobile device policies are not particularly popular among company employees. “There is a lot of resistance and a lot of concern,” Cuddeford noted of users. Much like the intrusive anti-virus software that gained popularity a few years ago, many are wary of software installed on their mobile devices that could interfere the content they access or the way they access it.

Cuddeford noted that mobility teams have a tough job in figuring out, “what can we do on a mobile platform to be fair and reasonable to our users.” Unfortunately for those teams, industry standards haven't really formed around this quite yet. “They just have to draw that line right.”

Travel abroad introduces another major concern for mobile security experts. Man-in-the-middle attacks, where hackers can intercept and snoop on communications between a device and its intended destination, are commonly targeted against foreign travelers—Wandera's report found the highest concentrations of these attacks in Germany, Mexico and the UK.

Cuddeford noted that companies can get burned when they ask employees to ensure that they use Wi-Fi connections rather than incur mobile roaming charges. Especially because conference centers and other traveler destinations tend to be a target for man-in-the-middle attacks, Cuddeford said that some cellular connections might be worth the cost.

“They have to balance this. I don't want my users only using cellular, but the Wi-Fi networks have to be trusted,” he suggested.

As anxiety about cybersecurity continues to rise, information governance staff are left with the tough task of securing mobile devices. Crafting a mobile device policy that accounts for both the demands for constant access to both client communication and work product as well as the imperatives to keep company or firm data safe can be a tough line to tow.

Mobile security company Wandera recently released its “Mobile Wifi Security Report.” Drawn from customer data, the report suggests that wireless access on mobile devices can introduce new security vulnerabilities for users. The report found that Wi-Fi access accounts for 74 percent of all wireless data access across an average of 12 different wireless connections per day.

“From our experience we find that people are more susceptible to threats like phishing on mobile,” Dan Cuddeford, Wandera director of sales engineering and author of the report, told LTN. “Generally we offer more trust to our mobile devices.”

Cuddeford pointed to a number of reasons this might be the case. Generally, users interact online through mobile apps, which tend to mask how and where they send information. Unlike computer web browsers, where you can generally see and customize where information is sent, apps run such interactions behind the scenes.

Additionally, as smartphones have become more comprehensive in the services they offer, users have acclimated to using their mobile devices for personal, more casual use, even when devices are owned or operated on company networks.

Connecting devices to the internet via wireless networks as opposed to cellular data amplifies some of their vulnerabilities to network intrusions. Cellular connectivity is generally encrypted by default, making it more difficult to access information, whereas wireless networks tend to have a wide variety of different security protocols in place.

That said, it's not particularly practical to force all interaction through a cellular network, or even through a VPN. Cellular charges can get pretty expensive abroad. And while VPN's offer a way to funnel mobile devices into a secure line, they also introduce access points to companies' internal networks.

“The problem is what you're really doing then is you're not bringing the mobile into the network, you're actually extending your network into multiple different points,” he explained.

Mobile device policies are starting to become more popular as a way to combat this insecurity. “It's certainly maturing,” Cuddeford said of these policies. “I think a couple years ago the average was no policy whatsoever. Especially around the professionals, they didn't want to limit them from their jobs and they didn't want to start putting policies in place.”

Consistent with this concern, mobile device policies are not particularly popular among company employees. “There is a lot of resistance and a lot of concern,” Cuddeford noted of users. Much like the intrusive anti-virus software that gained popularity a few years ago, many are wary of software installed on their mobile devices that could interfere the content they access or the way they access it.

Cuddeford noted that mobility teams have a tough job in figuring out, “what can we do on a mobile platform to be fair and reasonable to our users.” Unfortunately for those teams, industry standards haven't really formed around this quite yet. “They just have to draw that line right.”

Travel abroad introduces another major concern for mobile security experts. Man-in-the-middle attacks, where hackers can intercept and snoop on communications between a device and its intended destination, are commonly targeted against foreign travelers—Wandera's report found the highest concentrations of these attacks in Germany, Mexico and the UK.

Cuddeford noted that companies can get burned when they ask employees to ensure that they use Wi-Fi connections rather than incur mobile roaming charges. Especially because conference centers and other traveler destinations tend to be a target for man-in-the-middle attacks, Cuddeford said that some cellular connections might be worth the cost.

“They have to balance this. I don't want my users only using cellular, but the Wi-Fi networks have to be trusted,” he suggested.