Six mobile security threats to pay closer attention to in 2020
Do you quickly answer emails on your smartphone or sign contracts on a tablet? Mobile devices have become indispensable in our work lives. This also means that the security of sensitive information has become a lot more complicated. Did you know that the average cost of a business data infringement is as much as USD 3.86 million? So, arm yourself against the following six mobile threats.
1. Data breaches
A data breach is the sharing of secure information, deliberately or otherwise. Data breaches are the biggest threat to the security of your organisation. Twenty-eight percent of businesses are running the risk of experiencing at least one incident in the next two years. The likelihood of a data breach is so great because this often involves an unintentional human error. Users often inadvertently make ill-informed decisions about which apps can see and transfer their information. To avoid this, you should install tools that scan apps for ‘leaky behaviour’ and block them if necessary.
It is recommended that you install a firewall and antivirus program on every mobile device. It is also safer to provide mobile devices with necessary passwords, whether or not required to do so, via an online security application. Suggest to your employees that they only install applications from the official app stores.
2. Social engineering: phishing
Social engineering is the exploitation of human traits such as curiosity, trust, greed, fear and ignorance. It is an age-old tactic and just as present and disturbing in the mobile arena as it is on desktops.
One of the most common forms of social engineering is phishing. This is a kind of internet fraud in which the scammers lure people to a fake website in order to coerce them into providing personal data. The fraudsters often use emails for this purpose. Research also shows that 91 percent of all cybercrime starts with email. It also seems that mobile users are most at risk of falling victim to phishing via email. This is due to the way in which many mobile email clients show only the name of the sender. As a result, it is easy to make it appear as though a message has come from someone you know or trust.
Having a good email filter and educating your colleagues can prevent this problem.
3. Public WiFi networks
A mobile device is as secure as the network with which it sends data. In an era in which we all constantly connect to public WiFi networks, this means that our information is often not as secure as we think. So, it is important to encrypt your traffic via a Virtual Private Network connection. With a VPN you create a private network, which enables you to browse the internet securely and completely anonymously.
Unfortunately, selecting the right enterprise-class VPN is not that simple. VPNs tend not to be that user-friendly on mobile devices, and the battery consumption is quite high. In addition, an effective VPN only activates when absolutely necessary and not when a user wants to access a news site, for example, or works in an app that is known to be safe.
Thanks to VPNs, you can create a secure online workplace for your employees. It is important here to choose a professional network administrator.
4. Outdated devices
Smartphones, tablets and smaller devices connected to the network pose a new risk to the security of companies. This is because, unlike traditional work equipment, they usually offer no guarantee of timely execution of software updates. This is particularly true on the Android front, where the vast majority of manufacturers are inefficient at keeping their products current with both updates for the operating system (OS) and smaller monthly interim security patches. There are also a lot of mobile devices that are not designed to receive updates.
So, make sure you choose devices that do receive updates in a timely and reliable manner and get yourself a good safety net. Or install an application that will require you to execute updates in good time. If you do not perform an update, the application will ensure that the user cannot access company data.
5. Cryptojacking attacks
A new addition to the list of relevant mobile threats: cryptojacking. This is an attack where someone uses a device to mine for cryptocurrency without the owner’s knowledge. In other words, a cryptomining process uses your company’s devices for someone else’s gain. This process relies heavily on your technology, which means that affected phones probably have a poor battery life and even suffer damage due to overheating.
For now, there is no effective remedy, but what you can do is draw up a thorough prevention policy. As part of this, state that users may only download apps from a platform’s official store. Endpoint security applications can help you with this.
6. Physical device violations
A lost or unmanaged device poses a high security risk, especially if it does not have a strong PIN or password and complete data encryption. For this reason, it is important to set up a sound policy of prevention and to raise your employees’ awareness. Here too an online security application can help you by forcing you to enter a PIN and by wiping your device remotely if it goes missing.
The malware threat
We have been hearing a lot in the news lately about malware. It is important to know that malware infections are relatively rare. This is thanks to the nature of mobile malware and the security of mobile operating systems. They really are not so bad. The more realistic threats to mobile security therefore lie in those things which are easily overlooked.