cyber-security-awareness-4-building-a-mobile-threat-defense

Enterprise Devices:

Build a Mobile Threat Defense

Building a Mobile Threat Defense for Your Enterprise Devices

As mobile devices become a fundamental part of an employee’s personal and professional life, organizations need to be mindful of the risks they bring to the business. While many organizations will outfit their PCs with advanced security measures and show staff how to protect their work computers, it’s much more rare for a business to discuss securing mobile devices.

However, all employees must know how to protect their mobile devices from threats. Even though many smartphones, tablets, and similar devices inherently include some security measures, there are best practices users should follow to protect against the most prominent threats.

Why is Mobile Security Important?

A lot of personal and business information is stored and transmitted through mobile devices. It’s no wonder why – they make working and communicating easy and convenient. However, letting that information get into the hands of a cybercriminal can cause huge problems for your business. Keep in mind smartphones are small computers – and like computers, they have inherent weaknesses that hackers would like to exploit. Every year, more smartphones are being targeted by malicious actors. In fact, cybersecurity professionals estimated there was a 50 percent increase in mobile cyberattacks between 2018 and 2019.

This rising trend will undoubtedly continue until users learn how to properly secure their smartphones and tablets. Let’s examine five common security threats that affect mobile devices and learn how to defend against them.

1. Not Setting a Device Password

Today, our mobile devices – and especially our smartphones – are often attached to our hips. Despite that, it’s possible for someone to pilfer your phone, and it’s even easier to leave your phone behind in a restaurant or taxi. If you can’t recover your phone within a few hours, it could be anywhere. And if you don’t have a password on your device, it could take seconds for someone to access the sensitive data on your phone.

Setting a device password is an easy way to stop casual thieves from snooping through your phone and generally deter malicious actors from accessing your phone. Set a pattern, password, or PIN as a basic measure of security – or use facial and fingerprint locks when possible. If a password-protected phone goes missing, you’re more likely to have time to back up your data on another device, or even wipe your device if it contained sensitive information.

2. Reusing Passwords

Did you know that 50 percent of users use the same passwords across work and personal accounts? This means that one employee’s recklessness off-the-clock can translate into a breach for your business.

There are a few ways to stop employees from reusing passwords. First, educate them on the importance of using a unique password as soon as they begin working with your company, and reiterate its importance when they sign up for new services. Then, ask employees to change their passwords on a regular basis, or enable two-factor authentication when necessary.

Businesses also benefit from offering a secure password manager to employees. With a password manager, employees don’t have to commit tens or hundreds of logins to memory – they only need to remember a single strong password in order to access all of their passwords.

3. Malicious Apps

Everyone loves a helpful mobile app – but many users are unaware of how applications can be used against them. Some apps that seem benign, or even helpful, may turn out to be a front for viruses, spyware, and other types of malware. These apps originate from a variety places, although they are most often found on third-party app stores.

With the right preventative steps, every employee can learn how to avoid malicious apps. First, always download applications from the official app store that came preloaded on your phone, and do not follow online links to download apps. When you do choose to download an app, keep an eye out for user permissions – for example, if a simple wallpaper application wants permission to your microphone, voicemails, and text messages, it may not be as benign as it seems. If a malicious app finds its way onto a phone, it can be sniffed out by a reputable mobile antimalware solution. Additionally, since malicious apps often run in the background without a user’s knowledge, users may be able to identify malicious apps by checking their phone’s data usage statistics.

4. Spyware

Spyware is a growing problem on mobile devices. This type of malicious software can either be stealthily installed by a person with physical access to your phone, or cybercriminals can trick users into downloading it by disguising it as a harmless file or application. It can then be used to surveil your device and reproduce data – including images, videos, emails, documents, or even passwords – giving them access to a wealth of information about an employee.

To protect against spyware, don’t let individuals you don’t trust access your phone, and always protect it with a strong password. Additionally, educate employees about phishing and the dangers of third-party applications, since these are common vectors for transmitting spyware online. To detect and eliminate spyware, monitor your apps and processes regularly and delete any unfamiliar applications – or, simply purchase an antimalware suite with advanced spyware protection.

5. Unsecured Networks

Internet outages are an unfortunate reality of modern life – and when the internet goes out, employees will try to find another way to get online. Many will mistakenly turn to an unsecured network that doesn’t require a password to use, which can open up an opportunity for hackers to intercept unencrypted information as it passes from your device through the access point.

If an employee transmits information through an unsecured network, hackers may use it to distribute malicious software or record sensitive information for later use. This can have serious ramifications for your business. To defend against the dangers of unsecured networks, encourage employees to only use secured networks, and disable “network discovery” settings that will make their devices connect to unfamiliar WiFi networks by default. As a final measure of security, outfit employee devices with a VPN, firewall, and antimalware suite just in case they manage to access these networks anyway.

Final Thoughts

Mobile devices can pose a massive security risk to both employees and organizations, whether those devices are personal or company-issued devices. Consequently, organizations need to be vigilant and ensure any device that connects to a company-issued device or network passes basic security checks. By taking precautions and protecting against the most common mobile threats, organizations will be able to prevent threats before they emerge.

Decrease Your Mobile Attack Surface

Don’t let the cloud expand your mobile attack service. Get access to important cloud security fundamentals.

Download Now
  • Managed Security
  • Mobile Security, Secure Password, Data Backup

Comment on this article

Leave a comment to let us know what you think about this topic!

Leave a comment

Author

Bala Sathunathan

Bala Sethunathan

Director, Security Practice & CISO

Cybersecurity

Related Articles

Cybersecurity Update March 2021
  • 13 April 2021
  • Bala Sethunathan
  • Cybersecurity User Awareness, Cyber Threat Bulletin, Cybersecurity, Managed Security
  • Cyber-Threats

Cyber Security Update March 2021

About 80% of breaches occur due to poor passwords. Keep your business protected and learn how to improve your password security.

How to Improve Your Microsoft 365 Security
  • 24 March 2021
  • Bala Sethunathan
  • Managed Security, Cybersecurity
  • Microsoft, Microsoft 365, Security, Azure, Identity Protection, Windows Hello

How to Improve Your Microsoft 365 Security

Your most sensitive data passes through your M365 deployment - but is it protected? Read this to ensure your assets are safe from malicious actors.

Cyber Security Update February 2021
  • 22 March 2021
  • Bala Sethunathan
  • Managed Security, Cybersecurity, Cyber Threat Bulletin
  • Cyber-Threats

Cyber Security Update February 2021

Do you know the latest cybersecurity attack motives and methods? Read more about how hackers tried to steal data and disrupt business.