ETS - Erb's Technology Solutions, Connecting People with Technology

Mobile Phones Could be the Biggest Threat to Enterprise Security

June 25, 2018

Mobile Phones Could be the Biggest Threat to Enterprise Security

June 25, 2018

There is a troubling sense of false security among even the most tech-savvy mobile phone users today. In fact, mobile devices are probably the most ignored threat, with only roughly one-third of corporations actually deploying a mobile malware solution, according to Check Point. While many expect their iPhone or Android devices to be secure by default, the reality is quite different — Android and iOS operating systems are being targeted at rapidly growing rates. This is particularly concerning as more employees use their personal devices in the workplace.

It’s a common practice for businesses to provide personal computers for their employees, but when it comes to mobile devices, companies do not think twice about allowing employees to bring their devices into the workplace. According to Gartner, only 23% of employees are given corporate-issued smartphones. These devices hold highly sensitive company data, which has created an entirely new challenge for businesses looking to gain a better handle on mobile security beyond the office walls.

Here are three precautionary steps to consider:

1. Require Mandatory Passwords On Personal Devices

Employers need to be aware of the dangers of allowing mobile devices at work and need to set policies in place when allowing mobile connectivity to the office network.

When a personal device is used for work, it is no longer personal. Set a policy requiring employees to set automatic locks on mobile devices with a strong passcode. If an employee loses a device, the passcode prevents corporate data from falling into the wrong hands. Using biometrics such as a fingerprint scan is an even better way to prevent cybercriminals from cracking the code and infiltrating your network.

2. Educate About The Dangers Of Downloading Mobile Applications

The volume of app downloads on mobile devices far exceeds PCs. On a computer, most of a user’s activity takes place in a browser with protected software. When a user downloads an app on a device and does not limit permissions, hackers have access to a treasure trove of information.

We are still facing a bit of a Wild West situation with respect to application development and consumer use. Even today, it seems as though security is not a top concern for application development, leaving many opportunities for hackers to use applications to compromise end users. What’s more, even with the built-in security features and malware monitoring of the Apple Store and Google Play Store, mobile malware still prevails.

For example, last year roughly 2 million Android users fell “victim to malware hidden in over 40 fake companion guide apps for popular mobile games, such as Pokémon Go and FIFA Mobile, on the official Google Play Store.”

Employers should encourage their staff to practice good mobile application hygiene, which includes always downloading from an official app store, being wary of copycat applications, reviewing the permissions before installing an app, limiting access to contacts and location-specific data and keeping applications up to date so the latest fixes will apply. Overall, if the app is no longer supported by the Google Play Store or the Apple Store, delete it.

3. Download Anti-Malware Defenses

Relying on security know-how, caution and built-in device features are no longer enough to protect mobile devices from being hacked.

 In 2017, a strand of Android malware infected 36.5 million smartphones. In a preemptive effort, companies should require employees to have an anti-malware app downloaded on their personal devices if they are using their mobile devices in any work capacity. By having this extra layer of security, anti-malware will automatically scan for malware or potentially unwanted programs such as screen lockers or adware. Depending on the anti-malware you have selected, some offer features such as clearing all of your data if you misplace your mobile device, tracking and blocking unidentified callers. Furthermore, they have the option to delete cookies and clear your browsing history.

The rise of mobile device usage over the years has attracted the attention of cybercriminals and has shifted their focus from the typical computer hack to the data-rich mobile world. Mobile devices — with their ability to snap pictures, share locations and open corporate attachments — are the true window to our private and business lives and the easiest ways for cybercriminals to gain unauthorized access.

Employers must recognize that employees are holding a potential threat in their hands and take the proper steps to protect their networks from mobile breaches.