Mobile Security Threats
By now you understand some of the benefits attached to bolstering mobile device security, but what are some of the threats involved if you don’t shore up mobile security gaps?
Let’s look at a few of the most common mobile security threats in today’s workplace.
Data leaks
Not only is private data one of your company’s greatest assets, but it’s also the target of malicious outsider attacks. Poorly protected devices and lax mobile security policies expose your company data to hackers.
According to IBM, the average corporate data breach costs $3.86 million and takes roughly 280 days to identify and contain. Even just one data breach could spell financial ruin for your business!
Your data is most vulnerable to leaks from current or past employees. Hackers might perform sophisticated social engineering attacks, targeting current employees in an attempt to retrieve even the smallest piece of information that can provide access to company resources.
In these situations, hackers might impersonate reputable vendors, appeal to an employee’s personal interests, or even visit your place of business in person, all in an attempt to acquire just enough information to access company data.
Other times, employees might accidentally disclose company information to outsiders (most common in the healthcare industry), or you might have a disgruntled ex-employee who sells or trades sensitive company data to malicious third parties after termination.
Unsecured Wi-Fi and public hotspots
Another vulnerability in mobile device security involves internet connectivity. Without stringent rules and policies in place, your company information is at risk when your employees connect online using an unsecured Wi-Fi network or public hotspot while working remotely.
It’s estimated there will be over 542 million public hotspots by 2021 (Statista, 2020). And Pradeo reports that over 91% of mobile devices used for business have already been connected at least once to unsecured Wi-Fi networks, nearly 3% of them being the direct target of an attack (Pradeo Report, 2019).
Phishing attacks (“SMiShing”)
Phishing attacks are no longer limited to your inbox and desktop computers. While your mobile device is still prone to threats from your inbox, attackers are evolving with the times and targeting mobile devices using SMS-based phishing schemes as well.
Phishing attempts that use SMS messaging, as well as social and gaming apps, are referred to as “SMiShing” attacks and account for 81% of phishing attempts today (Pradeo Report, 2019).
Because SMiShing is a relatively new phenomenon, it is a significant threat: uneducated employees are more likely to fall victim to a SMiShing attack.
Mobile Applications – Spyware/Stalkerware
Probably one of the greatest threats to security lies in the applications your employees download onto their mobile devices. Not only do some of these applications access and share more data than necessary, but some of them are also riddled with vulnerabilities.
While free applications are enticing to frugal users, they embed an average of six marketing libraries onto devices (Pradeo Report, 2019, p.6). These applications access user data and sell it to companies, turning the apps into money-making machines for developers through advertisements.
When an employee indiscriminately agrees to the “terms and conditions” while using an application, they could be permitting access to sensitive company data on their mobile device as well.
Some of these free applications might even be malicious in nature, including mimicking popular messaging apps. And while 89% of these applications are deleted from app stores, one report discovered them still installed on active devices six months after they were deleted from the store.
Attackers also take advantage of the 61% of applications with code vulnerabilities, leading to data leakage or DoS and man-in-the-middle attacks.
Regularly updating your mobile device’s software is an effective way to patch security holes and prevent malware attacks, though it was reported that almost half of all Android users didn’t have the latest software installed on their mobile devices, leaving over 846 million devices exposed to malware through known vulnerabilities.
Bring Your Own Devices (BYOD)
Bring your own device (BYOD), in which employees are allowed to use their personal mobile devices for work, is a popular practice for small businesses. As mentioned before, it not only saves the company money, but it aids in employee mobility and satisfaction.
Unfortunately, it’s a security risk as well. As opposed to company-owned mobile devices where you can exercise greater control, the vulnerabilities to your company’s data are greater with BYOD policies.
Businesses tend to grant users generous permissions on their BYOD, especially if they’re using them for work-related tasks. But without effective MDS security policies or an MDM solution in place, one of the greatest problems with BYOD practices is that employers cannot mandate employees to update their personal mobile devices with software and application updates.
Again, this creates an opportunity for malicious attackers to access company data through code vulnerabilities in applications, unsecured Wi-Fi connections, and the like.
Mobile Device Management Solutions
The threats to mobile device security are significant, but thankfully, these risks can easily be addressed by implementing a Mobile Device Management (MDM) solution into your business’ IT infrastructure. Let’s discuss what MDM is and what to look for when identifying an MDM solution.
Simply put, mobile device management is security software that enables you to monitor and manage mobile devices across your network. This software gives you better control over laptops, smartphones, tablets, and other devices used in your business.
And because 67% of businesses believe mobile solutions are an essential element of their company’s success, adopting effective mobile security software is vital to maintaining forward progress.
Here are some features to look for when identifying an MDM solution for your business. Almost all of these features can be found in software such as Hexnode, Microsoft Enterprise Mobility, and IBM Security MaaS360:
- Remote configuration and monitoring – your software should be able to both monitor and configure mobile devices remotely. This allows you to easily register new devices, push software updates, force application updates over-the-air, and observe which devices are accessing your network at all times.
- Security policies and enforcement – your MDM software should also be able to enforce your mobile security policies. This includes policies related to data storage, authentication/authorization, and remote content access, to name a few.
- Passcode/remote wipe – if your employee’s mobile device is lost or stolen, your MDM software should allow you to remotely wipe company data from the device. In some cases, you will have permissions to erase personal data as well, since that data might later be used in a social engineering attack.
- Data restrictions – many MDM software suites allow you to establish a geofence and restrict data and application accessibility based on the physical location of a mobile device. You may choose to disable specific applications on enterprise mobile devices while users are off-site, for example.
- Logging/reporting – most MDM solutions automatically log and create a report indicating which devices are on your network and at what times. This is typically done for compliance purposes, but it’s also an effective tool for identifying where vulnerabilities existed in the case of a security breach.
- Scalability – your software needs to easily accommodate new users and devices, not only as your business grows, but as the mobile device market evolves as well. MDM software should make device registration, configuration, and policy enforcement as simple as possible.
Need help in implementing a more comprehensive solution? Contact our team at Commprise and we’ll help you find the best MDM solution for your business. Book your call today!