This Mobile Risk Assessment helps organisations understand their risk based on mobile data access, existing controls such as EMM, and the resulting security gaps. This assessment contains four personalized sections generated from your survey response:
GDPR will come into effect on May 25, 2018. Companies, both those based in the EU and those that conduct business in the EU, that fail to comply with GPDR requirements could face a fine of up to 20M EUR or up to 4% of their annual revenue, whichever is greater.
Article 5 of GDPR says that "personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures."
Mobile devices, even those that are corporate owned, are personal. This is the new target for attack, the new risk to an organization. Whether through malicious attack, configurations or user actions, the mobile platform has become a rich target for gaining access to sensitive data.
80% of IT executives agree that the personal data accessed on their employees' mobile devices could put their company at risk for GDPR non-compliance1
Malicious apps that can steal personal data, damage devices and give unauthorized remote access
Device vulnerabilities that can be exploited to heighten attacker permissions to spy on all communications occurring on the device, causing data loss
Apps that access location and therefore turn the mobile device into a proxy of the user’s physical location, allowing an individual to be tracked without explicit consent
Mobile Apps that insecurely handle data at-rest and in-motion, opening the door to attackers to compromise the confidentiality of personal data being transferred
Mobile devices that are connected to a network that has been compromised by a man-in-the middle attack, resulting in personal data being siphoned off the device
Mobile phishing attacks that result in personal data being exfiltrated from the device
Malicious apps can steal info, damage devices, and give unauthorized remote access.
Device threats can cause catastrophic data loss due to heightened attacker permissions.
Data is at risk of attack via Wi-Fi or cellular network connections.
Threats include malicious URLs opened from phishing emails or SMS messages.
Even well known software development companies release apps that contain vulnerabilities.
The vulnerability window is the time it takes from the release of a new patch to adoption.
Mobile devices encounter more hostile networks than laptops, and have less protection.
Malformed content, such as videos, and photos can enable unauthorized device access.
Mobile apps have the potential to leak data such as contact records.
USB debugging for Android or installing apps from non-official app stores.
Misconfigured routers, unknown captive portals, or content filtering.
Lookout integrates with any MDM (such as Intune, AirWatch, MobileIron, MaaS360, and UEM) for simple deployment and management.
Lookout integrates with all SIEM systems (such as Splunk, ArcSight, and QRadar) via our Mobile Risk API.
Ensure your data sovereignty and employee privacy policies are upheld using Lookout’s privacy controls features.