If your company uses mobile devices to conduct company business, such as accessing company email or sensitive data, pay close attention to mobile security and the potential threats that can expose and compromise your business networks. This section describes the mobile threat environment and the practices that businesses can use to help secure devices such as smartphones, tablets and Wi-Fi enabled laptops.
Many organizations are finding that employees are most productive when using mobile devices, and the benefits are too great to ignore. But while mobility can increase workplace productivity, allowing employees to bring their own mobile devices into the enterprise can create significant security and management challenges.
Data loss and data breaches caused by lost or stolen phones create big challenges, as mobile devices are now used to store confidential business information and access the corporate network. According to a recent survey by Internet security firm Webroot, 73 per cent of respondents were “extremely concerned” or “very concerned” about loss of company or customer data on company-owned mobile devices. Sixty-nine per cent were “extremely concerned” or “very concerned” about malware infections and 61 per cent about lost or stolen devices. It is important to remember that while the individual employee may be liable for a device, the company is still liable for the data.
Top threats targeting mobile devices
- Data loss – An employee or hacker accesses sensitive information from a device or network. This can be unintentional or malicious, and is considered the biggest threat to mobile devices.
- Social engineering attacks – A cyber criminal attempts to trick users into disclosing sensitive information or installing malware. Methods include phishing and targeted attacks.
- Malware – Malicious software that includes traditional computer viruses, computer worms and Trojan horse programs. Specific examples include the Ikee worm, targeting iOS-based devices, and Pjapps malware that can enrol infected Android devices in a collection of hacker-controlled “zombie” devices known as a “botnet.”
- Data integrity threats – Attempts to corrupt or modify data in order to disrupt operations of a business for financial gain. These can also occur unintentionally.
- Resource abuse – Attempts to misuse network, device or identity resources. Examples include sending spam from compromised devices or denial-of-service attacks using computing resources of compromised devices.
- Web- and network-based attacks – Launched by malicious websites or compromised legitimate sites, these target a device’s browser and attempt to install malware or steal confidential data that flows through it.
A few simple steps can help ensure company information is protected. These include requiring that all mobile devices that connect to the business network be equipped with security software and password protection, and providing general security training to make employees aware of the importance of security practices for mobile devices. More specific practices are detailed below.
1. Use security software on all smartphones.
Security software specifically designed for smartphones can stop hackers and prevent cyber criminals from stealing your information or spying on you when you use public networks. It can detect and remove viruses and other mobile threats before they cause you problems. It can also eliminate annoying text and multimedia spam messages.
2. Make sure all software is up to date.
Mobile devices must be treated like personal computers in that all software on the devices should be kept up to date, especially the security software. This will protect devices from new variants of malware and viruses that threaten your company’s critical information.
3. Encrypt the data on mobile devices.
Business and personal information stored on mobile devices is often sensitive. Encrypting this data is another must. If a device is lost and the SIM card stolen, the thief will not be able to access the data if the proper encryption technology is loaded on the device.
4. Have users password-protect access to mobile devices.
In addition to encryption and security updates, it is important to use strong passwords to protect data stored on mobile devices. This will go a long way toward keeping a thief from accessing sensitive data if the device is lost or hacked.
5. Urge users to be aware of their surroundings.
Whether entering passwords or viewing sensitive or confidential data, users should be cautious of who might be looking over their shoulders.
6. Employ these strategies for email, texting and social networking.
- Avoid opening unexpected text messages from unknown senders. As with email, attackers can use text messages to spread malware, phishing scams and other threats among mobile device users. Users should treat unsolicited text messages with the same caution they have become accustomed to applying to email.
- Don’t be lured in by spammers and phishers. To shield business networks from cyber criminals, businesses should deploy appropriate email security solutions, including spam prevention, which protects a company’s reputation and manages risks.
- Click with caution. Just like on stationary computers, social networking on mobile devices and laptops should be conducted with care and caution. Users should not open unidentified links, chat with unknown people or visit unfamiliar sites. It doesn’t take much for a user to be tricked into compromising a device and the information on it.
In the case of a loss or theft, employees and management should all know what to do next. Processes to deactivate the device and protect its information from intrusion should be in place. Products are also available for the automation of such processes, allowing businesses to breathe easier after such incidents.
8. Ensure all devices are wiped clean prior to disposal.
Most mobile devices have a reset function that allows all data to be wiped. SIM cards should also be removed and destroyed.