There is a troubling sense of false security among even the most tech-savvy mobile phone users today. In fact, mobile devices are probably the most ignored threat, with only roughly one-third of corporations actually deploying a mobile malware solution, according to Check Point. While many expect their iPhone or Android devices to be secure by default, the reality is quite different — Android and iOS operating systems are being targeted at rapidly growing rates. This is particularly concerning as more employees use their personal devices in the workplace.
It’s a common practice for businesses to provide personal computers for their employees, but when it comes to mobile devices, companies do not think twice about allowing employees to bring their devices into the workplace. According to Gartner, only 23% of employees are given corporate-issued smartphones. These devices hold highly sensitive company data, which has created an entirely new challenge for businesses looking to gain a better handle on mobile security beyond the office walls.
Here are three precautionary steps to consider:
1. Require Mandatory Passwords On Personal Devices
Employers need to be aware of the dangers of allowing mobile devices at work and need to set policies in place when allowing mobile connectivity to the office network.
When a personal device is used for work, it is no longer personal. Set a policy requiring employees to set automatic locks on mobile devices with a strong passcode. If an employee loses a device, the passcode prevents corporate data from falling into the wrong hands. Using biometrics such as a fingerprint scan is an even better way to prevent cybercriminals from cracking the code and infiltrating your network.
2. Educate About The Dangers Of Downloading Mobile Applications
The volume of app downloads on mobile devices far exceeds PCs. On a computer, most of a user’s activity takes place in a browser with protected software. When a user downloads an app on a device and does not limit permissions, hackers have access to a treasure trove of information.
We are still facing a bit of a Wild West situation with respect to application development and consumer use. Even today, it seems as though security is not a top concern for application development, leaving many opportunities for hackers to use applications to compromise end users. What’s more, even with the built-in security features and malware monitoring of the Apple Store and Google Play Store, mobile malware still prevails.
For example, last year roughly 2 million Android users fell “victim to malware hidden in over 40 fake companion guide apps for popular mobile games, such as Pokémon Go and FIFA Mobile, on the official Google Play Store.”
Employers should encourage their staff to practice good mobile application hygiene, which includes always downloading from an official app store, being wary of copycat applications, reviewing the permissions before installing an app, limiting access to contacts and location-specific data and keeping applications up to date so the latest fixes will apply. Overall, if the app is no longer supported by the Google Play Store or the Apple Store, delete it.
3. Download Anti-Malware Defenses
Relying on security know-how, caution and built-in device features are no longer enough to protect mobile devices from being hacked.
The rise of mobile device usage over the years has attracted the attention of cybercriminals and has shifted their focus from the typical computer hack to the data-rich mobile world. Mobile devices — with their ability to snap pictures, share locations and open corporate attachments — are the true window to our private and business lives and the easiest ways for cybercriminals to gain unauthorized access.
Employers must recognize that employees are holding a potential threat in their hands and take the proper steps to protect their networks from mobile breaches.