Endpoint/Device Security, Privacy, Email security, Identity

Privacy vs. Mobile Security: Why You Don’t Have to Choose

Credit: Adobe Stock Images

When it comes to how employees get work done, personal devices are an ever-growing part of the equation. The 2023 Lookout State of Remote Work Security Report found that 92% of remote workers have performed work tasks on their personal mobile devices.

While putting security controls on employer-owned devices is a no-brainer, the increasing overlap of personal with professional means that organizations need to think about how to secure employee-owned devices that are being used for work. 

Of course, a lot of people are naturally resistant to the idea of putting an employer-mandated security application on their personal mobile devices. No one wants to feel like their employer is spying on them when they’re using their phones in the off-hours. 

But in the current cybersecurity climate, leaving personal mobile devices unsecured could prove to be a costly mistake. Personal devices are now a very common entry point for threat actors. With so many people using them for work, personal phones can serve as a direct route to your organization’s cloud resources, and if breached, your sensitive data could be at risk. 

This leaves organizations feeling stuck between a rock and a hard place: either they can secure personal mobile devices and upset employees, or they can leave those devices unsecured and risk becoming the victim of a preventable cyber attack. But with the right tool, they don’t have to choose between user privacy and mobile security.

‍Personal Mobile Devices Aren’t as Private as You Think

Personal mobile devices are essentially an avatar of their user. They’re rich with all sorts of information, both personal and work-related. Contact lists, personal and work email accounts, social media accounts, banking apps, dating apps, work cloud apps, and the list goes on. 

If a threat actor breaches a mobile device, they’ve essentially gained access to the user’s entire life. Unfortunately, there are a lot of opportunities for mobile devices to be breached, including: 

Because the line between personal and professional has become so blurred, if one of your employees is breached from their personal device, it means your corporate data may also be exposed. That’s why, to maintain both privacy and data security, your organization needs a mobile security strategy that covers all end-user devices — including personal devices. 

‍A Mobile Security Solution That is the Best of Both Worlds

Lookout’s mobile security solution was built on protecting privacy. We cut our teeth in the consumer space, so respecting personal privacy is part of our DNA. We only collect the data we need to deliver robust security — no more, no less. 

Protection monitoring for iOS, Android, and ChromeOS devices can be a particular challenge, which is why we use artificial intelligence and machine learning to strike the right balance. Using this big-data solution, Lookout Mobile Endpoint Security can efficiently detect and respond to threats without requiring the resource-intensive and intrusive scanning of traditional endpoint security. 

What We Don’t Collect

We don’t pass any personal data onto administrators. In fact, administrators don’t know who the particular user is at all. We focus on the issues, keeping users anonymous. This means your employees can feel confident the organization will never see their personal data, including: 

  • Text messages 
  • Photos 
  • Contacts 
  • Specific URLs blocked by phishing and content protection
  • Apps

Organizations can also exert additional privacy controls to further limit the data Lookout collects, and by integrating with a mobile device management (MDM) solution, Lookout can provide full security while avoiding data collection altogether. 

What We Do Collect

Of course, Lookout does need to collect some information, which remains anonymous, from devices to identify and protect against potential threats. These include: 

  • App metadata, to identify app-based security threats 
  • Firmware and OS data, to detect compromised firmware or vulnerable OSs 
  • Configuration data, to detect risky or malicious configuration profiles
  • Device identifier, to enable end-user communication to detect and remediate threats 
  • Web content data, to block access to malicious web content or phishing sites 
  • Network security data, to enable decisions for protecting against network attacks

When users install the Lookout app on their phones, they are educated about all these issues. This way, they can understand why the app is needed and feel comfortable having it on their personal device. 

Why Mobile Security Matters

Lookout recognizes that personal devices are personal — even when they’re used for work. But with a modern-day kill chain that often starts with mobile devices, a single compromised personal device can have resounding consequences. 

With mobile devices serving as keys to the cloud, mobile security is critical for both the enterprise and the end user. That’s why Lookout has built a modern mobile security solution that keeps data protected without violating end-user privacy.

Blog courtesy of Lookout. Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program. Read more Lookout news and guest blogs here.