close
close

Privacy and mobile security: why you don’t have to choose

Posted on by darion

When it comes to how employees do their jobs, personal devices are playing an increasingly important role. The Lookout State of Remote Work Security Report 2023 found that 92% of remote workers performed work tasks on their personal mobile devices.

While implementing security controls on employer-owned devices is a no-brainer, the increasing overlap between personal and professional devices means organizations must consider how to secure employee-owned devices used at work.

Of course, many people are inherently opposed to the idea of ​​including an employer-required security app on their personal mobile devices. Nobody wants to feel like their employer is spying on them when they use their phone outside of work hours.

However, in today’s cybersecurity climate, leaving personal mobile devices unprotected can prove to be a costly mistake. Personal devices are now a very common entry point for cybercriminals. Because so many people use them at work, personal phones can serve as a direct route to your organization’s cloud resources, and in the event of a breach, sensitive data could be at risk.

This leaves organizations feeling between a rock and a hard place: either they can secure personal mobile devices and upset employees, or they can leave these devices unsecured and risk falling victim to a preventable cyberattack. However, with the right tool, they don’t have to choose between user privacy and mobile security.

Personal mobile devices are not as private as you think

Personal mobile devices are essentially the avatar of their user. They are rich in all kinds of information, both personal and work-related. Contact lists, personal and work email accounts, social media accounts, banking apps, dating apps, cloud apps for work and the list goes on.

If a threat actor breaches a mobile device, they essentially gain access to the user’s entire life. Unfortunately, there are many ways to hack mobile devices, including:

With the line between home and work life becoming increasingly blurred, if one of your employees has their personal device compromised, it could mean that your company’s data could also be exposed. Therefore, to maintain both privacy and data security, your organization needs a mobile security strategy that covers all end-user devices – including personal devices.

A mobile security solution that’s the best of both worlds

Lookout’s mobile security solution is built with privacy in mind. We cut our teeth into the consumer space, so respecting privacy is part of our DNA. We only collect the data we need to ensure robust security – no more, no less.

Monitoring the protection of iOS, Android and ChromeOS devices can be particularly challenging, so we use artificial intelligence and machine learning to strike the right balance. Using this big data solution, Lookout Mobile Endpoint Security can effectively detect and respond to threats without the resource-intensive and invasive scanning of traditional endpoint security.

What we don’t collect

We do not provide any personal data to administrators. In fact, administrators don’t know who a given user is at all. We focus on problems while maintaining user anonymity. This means your employees can be confident that the organization will never see their personal information, including:

  • SMS messages
  • Photos
  • Communication
  • Specific URLs blocked by phishing and content protection
  • Apps

Organizations can also apply additional privacy controls to further limit the data Lookout collects, and by integrating with a mobile device management (MDM) solution, Lookout can ensure complete security by avoiding data collection altogether.

What we collect

Of course, Lookout must collect certain information, which remains anonymous, from devices in order to identify and protect against potential threats. These include:

  • Application metadatato identify security risks associated with applications
  • Firmware and operating system datato detect infected firmware or vulnerable operating systems
  • Configuration datato detect risky or malicious configuration profiles
  • Device ID, to enable end-user communications to detect and remediate threats
  • Internet content data, to block access to malicious web content or phishing sites
  • network security data, to enable decisions to be made regarding protection against network attacks

When users install the Lookout app on their phones, they gain knowledge about all these issues. This way, they can understand why the app is needed and feel comfortable having it on their personal device.

Why mobile device security matters

Lookout recognizes that personal devices are personal – even when used at work. But in today’s kill chain, which often begins with mobile devices, a single hacked personal device can have enormous consequences.

Since mobile devices serve as keys to the cloud, mobile device security is critical for both the enterprise and the end user. That’s why Lookout has created a modern mobile security solution that protects data without compromising end-user privacy.

Blog courtesy of Lookout. Regularly posted guest blogs are part of the MSSP Alert sponsorship program. You can read more news from Lookout and guest blogs here.