A lot of personal and business information is stored and transmitted through mobile devices. It’s no wonder why – they make working and communicating easy and convenient. However, letting that information get into the hands of a cybercriminal can cause huge problems for your business.
Keep in mind smartphones are small computers – and like computers, they have inherent weaknesses that hackers would like to exploit. Every year, more smartphones are being targeted by malicious actors. In fact, cybersecurity professionals estimated there was a 50 percent increase in mobile cyberattacks between 2018 and 2019.
This rising trend will undoubtedly continue until users learn how to properly secure their smartphones and tablets. Let’s examine five common security threats that affect mobile devices and learn how to defend against them.
1. Not Setting a Device Password
Today, our mobile devices – and especially our smartphones – are often attached to our hips. Despite that, it’s possible for someone to pilfer your phone, and it’s even easier to leave your phone behind in a restaurant or taxi. If you can’t recover your phone within a few hours, it could be anywhere. And if you don’t have a password on your device, it could take seconds for someone to access the sensitive data on your phone.
Setting a device password is an easy way to stop casual thieves from snooping through your phone and generally deter malicious actors from accessing your phone. Set a pattern, password, or PIN as a basic measure of security – or use facial and fingerprint locks when possible. If a password-protected phone goes missing, you’re more likely to have time to back up your data on another device, or even wipe your device if it contained sensitive information.
2. Reusing Passwords
Did you know that 50 percent of users use the same passwords across work and personal accounts? This means that one employee’s recklessness off-the-clock can translate into a breach for your business.
There are a few ways to stop employees from reusing passwords. First, educate them on the importance of using a unique password as soon as they begin working with your company, and reiterate its importance when they sign up for new services. Then, ask employees to change their passwords on a regular basis, or enable two-factor authentication when necessary.
Businesses also benefit from offering a secure password manager to employees. With a password manager, employees don’t have to commit tens or hundreds of logins to memory – they only need to remember a single strong password in order to access all of their passwords.
3. Malicious Apps
Everyone loves a helpful mobile app – but many users are unaware of how applications can be used against them. Some apps that seem benign, or even helpful, may turn out to be a front for viruses, spyware, and other types of malware. These apps originate from a variety places, although they are most often found on third-party app stores.
With the right preventative steps, every employee can learn how to avoid malicious apps. First, always download applications from the official app store that came preloaded on your phone, and do not follow online links to download apps. When you do choose to download an app, keep an eye out for user permissions – for example, if a simple wallpaper application wants permission to your microphone, voicemails, and text messages, it may not be as benign as it seems.
If a malicious app finds its way onto a phone, it can be sniffed out by a reputable mobile antimalware solution. Additionally, since malicious apps often run in the background without a user’s knowledge, users may be able to identify malicious apps by checking their phone’s data usage statistics.
Spyware is a growing problem on mobile devices. This type of malicious software can either be stealthily installed by a person with physical access to your phone, or cybercriminals can trick users into downloading it by disguising it as a harmless file or application. It can then be used to surveil your device and reproduce data – including images, videos, emails, documents, or even passwords – giving them access to a wealth of information about an employee.
To protect against spyware, don’t let individuals you don’t trust access your phone, and always protect it with a strong password. Additionally, educate employees about phishing and the dangers of third-party applications, since these are common vectors for transmitting spyware online. To detect and eliminate spyware, monitor your apps and processes regularly and delete any unfamiliar applications – or, simply purchase an antimalware suite with advanced spyware protection.
5. Unsecured Networks
Internet outages are an unfortunate reality of modern life – and when the internet goes out, employees will try to find another way to get online. Many will mistakenly turn to an unsecured network that doesn’t require a password to use, which can open up an opportunity for hackers to intercept unencrypted information as it passes from your device through the access point.
If an employee transmits information through an unsecured network, hackers may use it to distribute malicious software or record sensitive information for later use. This can have serious ramifications for your business. To defend against the dangers of unsecured networks, encourage employees to only use secured networks, and disable “network discovery” settings that will make their devices connect to unfamiliar WiFi networks by default. As a final measure of security, outfit employee devices with a VPN, firewall, and antimalware suite just in case they manage to access these networks anyway.