Both the business and personal world is becoming ever more dependent on mobile devices, be they smart phones or tablet computers. This became even more evident during the coronavirus lockdowns when many employees had to work from home and most people shopped from home too. Figures just released show that in the first quarter of 2021, 54.8% of all web browsing – worldwide – was on smart phones, the highest proportion ever recorded. (That figure doesn’t even include tablets).
Mobile devices provide flexibility but they bring with them many security concerns. Smart phones can potentially give cybercriminals new ways to penetrate company networks or intercept data. For now, most business leaders clearly believe that the benefits of mobile devices outweigh the risks, despite knowing how costly security breaches can be.
The main risks of mobile devices
There are a range of security risks that need to be remedied to make the use of mobile devices less vulnerable. These risks include the following.
Numerous security threats arise because owners, and companies, pay less attention to performing regular updates to phones than they would to desktop systems. Running old versions of software or operating systems makes it very easy for hackers to find weak spots. Applying updates and patches as soon as they are available closes down those vulnerabilities as soon as they become known.
Insecure WiFi networks are another concern. With mobile devices, it is very hard to know how secure the network they are using is – especially if it is public (perhaps a café or hotel). Mobile devices almost always use WiFi connections and a ‘man-in-the-middle’ attack is one of the main risks associated with insecure WiFi.
Social engineering is the practice of using fake emails or other communications to trick employees into revealing exploitable private information such as bank account numbers or details that help them guess passwords into confidential user accounts. Phishing emails are one of the most common social engineering techniques and have increased significantly during the COVID-19 pandemic. There is evidence that mobile users are more likely to respond to phishing emails than those using a desktop.
Data leakage should be regarded as a serious threat to business security in 2021 – and can be very costly. Most cases arise when mobile phone users inadvertently install apparently harmless apps that then read and transfer their confidential data. Other ways that data frequently leaks is by pasting confidential information into a public cloud storage service, or simply forwarding emails to the wrong person. These mistakes are simply more likely from mobile devices beyond the scrutiny of company IT departments.
While not restricted to mobile devices, poor password hygiene is alarmingly common. Many people re-use the same password for multiple accounts, most aren’t protected by multi-factor authentication, and many passwords are easy to guess. Weak passwords are responsible for the majority of hacking-related breaches.
Finally, a serious threat comes from lost or unattended mobile devices. Without strong passwords and full data encryption, any device that is stolen, lost or left unattended can be used to get into a company network or provide enough information to facilitate identity theft.
How can organisations mitigate the risks from mobile devices?
– Issue company-owned equipment set up by in-house IT staff
– Create secure mobile gateways for accessing company networks
– Store mobile backups in a safe location (in a common online repository)
– Restrict the use of third-party software on the same devices
– Install up-to-date antivirus/anti-malware software on all mobile devices
– Always use secure authentication mechanisms such as 2FA or MFA
– Make sure all data is encrypted
– Always encourage users to lock mobile devices away when they are not in use.
Last but by no means least, many of your security concerns can be outsourced to security specialists. Unifying software services in the Cloud makes security easier, and cheaper, to administer.