Did you know that only 20% of Apple iOS devices are running on the latest operating system?
Running outdated iOS systems leaves you open to well-known vulnerabilities such as Ins0mnia and Quicksand. A report by security provider Duo Security estimates that more than 20 million devices connected to enterprise networks are no longer supported by the device manufacturer. And, because they can’t be upgraded, they pose a real problem.
This issue is compounded by the fact that there are numerous devices still on the market that can’t receive updates, so potentially, even new devices could be a security threat.
It’s not just iOS
This isn’t a problem that’s just confined to Apple. It is estimated that there are more than 90% of Android devices running out-dated operating systems too.
With the number of personal mobile devices being used in the workplace, Duo Security warn that IT professionals must be aware of the risks and how to sort them quickly.
Education, education, education
The only way this can be addressed effectively is for the device users to take some responsibility.
Henry Seddon, head of European Operations at Duo Security told Computer Weekly:
“Users need educating, but organisations need to put in place systems that not only educate users, but can also encourage them and make it easy for them to upgrade to the latest versions of software. It’s up to everybody in the company to take responsibility for the company’s security and their own, and organisations need to prove the tools that stop them at key points, and encourage and enable them to follow past practice.”
Failure to do so can potentially open up organisations to malware and other forms of attack.
Here are some of Duo Securities recommendations:
- Establish basic mobile device security policies for the company and get buy-in from business managers
- Enable all employees to use passcode and fingerprint screen locks to prevent trivial access to sensitive data on mobile phones
- Consider excluding phones that are jail broken
- Provide helpful tips and reminders to users to check for updates on personal devices accessing company data
- Update or replace outdated hardware in use in the enterprise that may no longer be supported with security updates by the manufacturer
- Recommend that employees using Android devices consider Nexus handsets with more frequent and direct platform update support
- Address common update issues up front with guidance on problems related to updating mobile devices, such as providing tips on freeing space for updates
- Use free tools to detect devices with particularly concerning vulnerabilities (e.g. X-Ray for Android)
This is no longer something that can be ignored by businesses. Management and employees must work together to ensure the security of data and avoid embarrassing breaches.
Source: Computer Weekly