A mobile device management strategy must be a priority for whoever owns enterprise operations. The global workforce
conducts business everywhere, and sensitive information follows them via their mobile devices. Unfortunately, mobile endpoints are the weakest link for securing data as the workforce continuously connects into organizational systems and communications tools from anywhere. So, you must provide a secured
framework to manage and monitor mobile endpoints. Every IT department knows that is a requirement in order to keep up with evolving workforce demands. Often, there is a lack of C-Suite awareness and support to do what it takes.
According to Verizon’s 2018 Mobile Security Index, employee awareness of mobile device security is quite low and 35% of companies provide no mobile device security training. Yet, many companies are relying on employees to avoid risk instead of investing in the tools that can help enforce policies and prevent incidents. Respondents also said 79% said their employees are considered a significant threat to mobile security.
ISEC7 recommends proactively appointing an in-house point of contact to acquire the institutional knowledge and manage an enterprise mobility program. Delivering on these requirements demands specialized skillsets and resources capable of applying industry best practices for Enterprise Mobility Management (EMM). Therefore, training is critical – for a mobility POC, as well as, all employees.
We commend Maryland Governor Larry Hogan for creating a CISO position for the State of Maryland; it is well-needed in light of the recent ransomware attack that crippled Baltimore city operations for 6 weeks and cost an estimated $18.2M. Today, Riviera Beach, Florida paid $600k in Bitcoin after an employee clicked on a malicious email. Over 170 municipalities that have been attacked since 2013, including at least 45 police and sheriff's offices. In many cases, these hacks could have been avoided with proactive measures, such as employee
cybersecurity awareness training or implementing security policies.
Core enterprise mobility training is available for people to learn broader aspects of mobile device management and security (mobile device hardware, operating systems, network connectivity and mobile strategy options). ISEC7 suggests that organizations find a training program with technical and operational guidance. Skill sets for mobility managers should include the following categories:
- Mobile Device Hardware and Industry
- Mobile devices
- Mobile Device Hardware
- Mobile Operation Systems
- Operating Systems
- Abstraction Layers
- OS Security
- Network and Connections
- Physical Connections
- Enterprise Mobile Management (EMM)
- Deploying the Device Plan
- EMM Vendors
Certifications are also available to bolster enterprise mobility expertise, like Certified Mobile Device Security Professional (CMDSP), a vendor-agnostic program. It provides mobile device security professionals with the knowledge to address technical and security challenges involved in deploying and managing the full spectrum of the enterprise mobile device environment. CMDSP Training is ideal for: mobile device management administrators, network administrators, mobility architects, and security administrators.
For the more mobility-mature enterprise environment where a mobile management tool is deployed, training courses are available for those specific solutions, like: Android® Enterprise Fundamentals, Samsung® Knox Fundamentals, BlackBerry® Unified Endpoint Management Advanced UEM, BlackBerry Dynamics and BEMS, MobileIron® Design and Deployment Special Fundamentals, and others.
ISEC7 offers a variety of training courses with details available online here.