Mobile security has become a top concern for a number of companies, as the average cost of a corporate data breach is $3.86 million. Employees often access and use corporate data through their smartphones, which means protecting sensitive data can be tricky.
Focusing on malware can be easy, as mobile malware infections are uncommon in the corporate world, thanks in part to the built-in features of mobile devices that protect the operating system. There are, however, other considerations with mobile devices that can make mobile security tricky. Here are five worth considering.
Security Threat No. 1: Out-of-Date Devices
Internet of things (IoT) devices, smartphones, tablets, smart watches and other devices connected to the corporate network can act as entry points in compromising enterprise security. In particular, outdated software and operating systems on these devices are vulnerable. This is common on the Android front, where the majority of manufacturers don’t actively keep their software updated.
Operating system updates and patches need to be kept up to date. But certain IoT devices aren’t designed to be updated, leading to a higher probability of data breach. And considering 82 percent of IT professionals believe unsecured IoT devices will cause a data breach, is an alarming situation for any organization.
Security Threat No. 2: Social Engineering
A shocking 91 percent of cybercrime begins with a fake email, and the term is referred to as “malware-less attacks,” because it relies on people clicking or opening dangerous links or providing critical info.
According to FireEye, phishing grew 65 percent in 2017, and mobile devices are major targets: Many mobile email clients display only the sender’s name to easily fool people into assuming it’s from someone they trust.
It’s surprising only 4 percent of users click on phishing-related links, according to the “2018 Data Breach Investigations Report.” It can be assumed that the more times someone has clicked on phishing links, chances are they will do it again.
It’s important to educate employees who are using their mobile devices for both personal and work, as more employees are blending their work and personal email accounts, whether it’s on a smartphone or PC. When it comes to online security, all it takes is one opened phishing email to compromise an entire network.
Security Threat No. 3: Data Leakage
Data leaks can be a particularly onerous threat for organizations, especially when it comes to sensitive customer data. The challenge is to incorporate a countermeasure such as software that is effective and easy to use.
Mobile threat defense (MTD) products can initiate an automated blocking process that would halt emails and filter them out. However, they don’t protect against all data leakages, such as employees copying company files onto public cloud storage.
The healthcare sector in particular is struggling with issues of data leakage, as data breaches of patient information are increasing as well as insider leaks of the healthcare organization at large.
Security Threat No. 4: Wi-Fi Interference
Wi-Fi security has been talked about countless times, and yet it is still a threat. Devices are only as secure as the network they are on. Connecting to public WiFi puts the information on the device in great danger.
A growing number of corporate devices are being used on public Wi-Fi networks because of their ubiquity. As a result, threats such as man-in-the-middle attacks, in which a hacker maliciously penetrates communication among two users, are becoming more prevalent.
Virtual private network (VPN) to secure online networks are the best way to work securely on a Wi-Fi network. There are multiple VPN technologies available based on an organization’s needs. With one click, threats to the device are greatly reduced.
Security Threat No. 5: Password Handling Negligence
The consequences of improperly handling account credentials can be devastating for users and organizations—especially to those who use their phones for just about everything. But a survey by Google and Harris Poll found more than half of U.S. citizens reuse their passwords on different accounts.
What’s more, the majority aren’t using two-factor authentication, which can go a long way in increasing the security of data on mobile devices. Password managers also can help, but their use still isn’t widespread.
Combine the risk and multiply it by the number of an organization’s employees. The risk of exposing and losing a great deal of data is massive.
It’s high time people start taking action to protect themselves and their data against mobile threats. If hackers are evolving their technologies to harvest and disable data, then users should be taking countermeasures.
Understanding the threats wrought by mobile devices can go a long way toward protecting against them.