With growing enterprise mobility requirements plus higher numbers of remote workers, properly securing mobile and remote users is causing IT security teams to rethink their endpoint security strategies.
VPN tunneling enables remote users to benefit from most perimeter protections. However, full-time VPN enforcement can be difficult. Users may not always follow VPN usage guidelines. And in mobile BYOD environments, it can be even more challenging. Personal devices may not even be set-up for VPN access, users may use unsecured WiFi networks, and they typically use mobile devices for both corporate and personal purposes.
Special “secure” web proxies are another option for protecting remote workers. But most organizations find deployment and enforcement challenging for similar reasons as for VPN tunneling, especially on BYOD mobile devices. Web proxies also bring their own set of security, user privacy, and latency concerns.
The most commonly deployed security option for remote workers has traditionally been endpoint anti-virus or NextGen AV (NGAV) solutions. But endpoint security for laptops is focused on malware protection and offers little in the form of anti-phishing protection; that is, protection from file-less social engineering attacks designed to exploit users rather than the devices themselves. For the latter, most organizations use a variety of email security solutions. These certainly help reduce the number of phishing emails remote users see in their inboxes, but they do nothing to protect users from targeted phishing attacks in personal email, social media, ads, rogue browser extensions, messaging platforms, and more.
For users on mobile iOS and Android devices, the situation is worse. The vast majority of mobile devices have no special security protection other than the protections natively built into iOS and Android, along with their respective app store vetting processes. Safe browsing protections on mobile are also just a fraction of those on desktop browsers. Fortunately, truly malicious mobile malware is still quite rare. Unfortunately, mobile phishing is rampant. According to at least one mobile threat defense vendor, mobile users are 18x more likely to encounter a phishing threat than malware. There are also additional phishing attack vectors such as SMiShing which are largely unprotected. And with smaller screens and information layouts, important clues such as full URLs are typically hidden, making it easier to phish mobile users.
Protecting Remote Users from Phishing
So, if traditional endpoint and email security solutions, network access, and built-in safe browsing protections aren’t enough to protect remote workers, what now? Time to get purpose-built, remote user phishing protection onto mobile and remote workers’ machines.
Recently, we introduced new solutions to address these key security issues. Our Mobile Phishing Protection solution comes in the form of lightweight, cloud-powered apps that protect iOS and Android users. And for Windows, MacOS, Chrome OS, and Linux users, we offer Browser Phishing Protection for Chrome, FireFox, Safari, and Edge browsers. These lightweight, cloud-powered browser extensions augment endpoint security solutions to provide multi-vector, multi-payload phishing protection. These endpoint and mobile security products are easily deployed and managed with leading Unified Endpoint Management (UEM) solutions or with SlashNext’s own Endpoint Management System.
To find out how you can protect your remote workforce from the growing number of sophisticated phishing and social engineering threats, contact us and request a demo today.