Cybersecuritymobile devices cybersecurity

Business workers need to get the job done from anywhere with a mobile device, whether it is to use email, the internet, apps, or GPS navigation features. However, mobile device security is not keeping up with threats increasing rapidly in cyberspace. On the one hand, corporations must continue using mobile devices for business to increase convenience, raise productivity, and keep a competitive advantage. On the other hand, these same corporations must protect sensitive company data, including employees’ personally identifiable information, classified documents, and customer records

Security breaches on mobile devices are becoming increasingly popular within cybercriminal circles because of user popularity and careless security practices. A 2016 Ponemon Institute study found that 67 percent of surveyed IT professionals said it was certain or likely that a breach had occurred as a result of mobile device use. Also, 64 percent admitted that their organization was not vigilant about protecting sensitive data on this hardware, and 63 percent had no policy regarding what type of company data employees can store on their mobile devices.

What are the risks of using mobile devices for company use?

A mobile device increases the surface area of attack for a corporation. The potential risks associated with corporate mobile device use include:

  • The tendency to lose the device: Mobile devices are small, easily portable, and extremely lightweight. Users can easily leave the device behind in airports, taxicabs, and airplanes.
  • Not using standard computer security methods: People tend to not apply traditional forms of security, such as firewalls, anti-virus, and encryption.
  • Unsafe user habits: Lax mobile device user habits can leave the business open to breaches. Many users leave PIN protection disabled and do not update the device regularly.
  • Connecting to public Wi-Fi: Many users put corporate data at risk by not scrutinizing the security of public access points. These workers are anxious to get work done and will connect to Wi-Fi by any means necessary. However, a cybercriminal can create a legitimate-sounding name for the Wi-Fi signal, such as “Airport Wi-Fi” and then spy on the information your mobile device transmits.
  • Rogue Third-Party App Stores: The official iOS and Android app stores have rigorous standards for evaluating programs for safe download and use. However, the apps in third-party stores operating outside these channels typically do not have these same guidelines. Users are at risk of downloading apps that either has security holes or contain malware.
  • Devices infecting business networks: A compromised device may become an attack agent and spread malware in the business network.
  • Phishing attacks: Malicious links in emails, SMS text messages, and mobile apps can execute keylogging software or encourage you to give away sensitive information to an untrusted source.

What events can result from risky mobile device use?

  • Stolen data due to loss, theft, or disposal
  • Unauthorized access
  • Electronic eavesdropping
  • Spread of malware

How can your employees use mobile devices safely?

  • Avoid unsafe Wi-Fi connections: If you are in a public place, such as a coffee shop or airport, confirm the name of the official network with an employee. Also, once you are on the network, make sure to turn off sharing, use two-factor authentication for online accounts, and sign off when finished using the network.
  • Enable the lock screen on your mobile device: Set the lock on your phone by requiring a PIN for access.
  • Use security software: Use protection software on your mobile device, including anti-virus/anti-malware protection and data encryption.
  • Download apps from authorized marketplaces such as Apple’s App Store, Google Play, or the company’s designated app marketplace.
  • Keep the device’s Bluetooth setting out of discovery mode when not in use
  • Connect your device to networks via a Virtual Private Network (VPN): VPNs create a secure connection by encrypting network activity and enforcing password/location-based policies. This security combination makes it more difficult for cybercriminals to intercept corporate data.
  • Be careful with what you click on: Make sure to inspect links closely on emails and texts. Also, do not open unexpected attachments, especially from people you do not know.
  • Implement a mobile device management (MDM) solution: SwiftTech can help your business monitor and manage your mobile devices on an ongoing basis. Our MDM deployment projects include a mobility assessment, expert recommendations, integration with IT systems, onboarding, and much more.

What should your employees do if their device is lost or stolen?

  • Report the loss to your organization, mobile device provider, and if necessary, the local authorities.
  • Log into account websites on another device and change your passwords.
  • Wipe the phone remotely if needed.

To learn more about our IT security services, contact us at info@swifttechsolutions.com or 877-794-3811.

SOURCES
Johnson, E. New Study Shows Mobile Devices The Cause Of Some Data Breaches. (2016, February 23). Retrieved from: http://www.darkreading.com/endpoint/new-study-shows-mobile-devices-the-cause-of-some-data-breaches/d/d-id/1324415
Lella, A. Smartphone Apps Are Now 50% of All U.S. Digital Media Time Spent. (2016, September 1). Retrieved from: http://www.comscore.com/Insights/Blog/Smartphone-Apps-Are-Now-50-of-All-US-Digital-Media-Time-Spent
Trend Micro. 4 ways mobile devices still threaten your business. (2017, April 19). Retrieved from: http://blog.trendmicro.com/4-ways-mobile-devices-still-threaten-your-business/
Kerravala, Z. Mobile devices pose biggest cybersecurity threat to the enterprise, report says. (2015, August 24). Retrieved from: http://www.networkworld.com/article/2974702/cisco-subnet/mobile-devices-pose-biggest-cybersecurity-threat-enterprise-report.html
Ruggiero, P. and Foote, J. Cyber Threats to Mobile Phones. (2011). Retrieved from: https://www.us-cert.gov/sites/default/files/publications/cyber_threats-to_mobile_phones.pdf
Dignan, L. Your Biggest Cybersecurity Weakness Is Your Phone. (2016, September 22). Retrieved from: https://hbr.org/2016/09/your-biggest-cybersecurity-weakness-is-your-phone