Smartphones have become an integral part of daily life, both personally and professionally. But their use is not risk-free.
One in three organizational data breaches is caused by a mobile device, so it is essential that all organizations develop a strong focus on mobile security.
Facial recognition or a strong PIN might be enough to keep things safe from general threats, but it isn’t enough to keep mobile devices safe from cybercriminals trying to steal sensitive data.
The Numbers Speak for Themselves
Mobile devices are responsible for over 70% of online fraud. According to Statista, there are about 15 billion mobile devices in the world, and one in 36 mobile devices has a high-risk app (an app with a high number of downloads, making it a prime target for hackers) installed on it. That means 450 million devices are potential victims of cyberattacks. Users must be cautious about the kind of information they have stored on their smartphones.
Mobile Security Under Attack
With the increasing number of remote workers, mobile security needs to be a top priority for corporate security teams. Employees now routinely access company data on smartphones through emails and business communication platforms.
Mobile devices are convenient to use on the go, but that means sensitive company data is always vulnerable to attack. Here are some of the biggest threats to mobile security that employees can avoid:
- Unsecured/Public Wi-Fi Networks: Connecting to open, unsecured Wi-Fi networks is a bad idea. Doing so could allow anyone to spy on a user’s activity, so users must never access information such as company, banking or even credit card information on such networks.
- Weak Passwords: Do not use easily remembered passwords or those with personal, easily guessable significance, especially if the mobile devices contain both business and personal accounts.
- Data Leaks: When users download an app, they’re prompted to allow various device permissions, which often send data to remote servers. This data is often shared with advertisers to analyze user behavior, making it an easy target for cybercriminals.
- Gaps in End-to-End Encryption: Encryption gaps are loopholes that cybercriminals look to exploit and are a result of poor practice as opposed to technical failure. Any mobile app that’s unencrypted could potentially provide cybercriminals with an opening to breach your employees’ personal and professional data stored on their smartphones.
- Email Phishing: 2020 saw a 37% increase in enterprise mobile phishing attacks. Mobile devices are extremely vulnerable to phishing attacks as users are almost always online. Cybercriminals make these emails look important and when users open them, they might be prompted to download something, which could end up being malware.
- SMS Phishing (Smishing): SMS phishing is on the rise. There was a 328% increase in SMS phishing attacks between the second and third quarters of 2020. Smishing attempts can be more effective than phishing, with messages claiming to be from trusted sources such as Amazon, Netflix or even tax authorities. These contain links that, when clicked, could steal credentials or funds, or even deliver malware.
- Carelessness: With most businesses working remotely, the probability of employees misplacing their mobile phones in public places is increased. A lost or unattended device can be a huge security risk, especially if it does not have a strong passcode and data encryption.
Steps to Enhance Enterprise Mobile Security
Organizations should educate employees on developing mobile security best practices.
- Strong Passwords: Most people still use simple, easy-to-remember passwords. Users must also avoid reusing passwords on different websites. That way, if one password is compromised, cybercriminals won’t get access to other information elsewhere. Passwords should be changed regularly.
- Safety on Unsecured Wi-Fi Networks: It is inevitable that employees’ use of mobile devices for work will only increase, as will the use of unsecured, public networks. Companies can protect organizational data by making it mandatory for employees to access company data only through a secure VPN.
- Emails from Unknown Sources: Employees must avoid opening emails that are not from a trusted source. This is getting harder as criminals become more sophisticated, so continual education is key.
- App Permissions: Employees should be trained on app permissions. Users must only give apps the permissions essential for them to function. The fewer permissions users share, the safer their data is.
- Antivirus Software on Mobile Devices: While installing antivirus on laptops and desktops is a common practice, it is often overlooked on mobile devices. But with their increased use, it is essential that mobile devices get the same levels of protection.
With the increasing use of mobile devices for both personal and professional purposes, threats to mobile device security are increasing. Organizations and employees must take the steps necessary to avoid becoming victims of cyberattacks.