5.5 min to readDigital Workplace

Cyber security guide: building a mobile threat defense for your enterprise devices

Ravi Bindra
Ravi BindraCISO

As mobile devices become a fundamental part of an employee’s personal and professional life, organizations need to be mindful of the risks they bring to the business. While many organizations will outfit their PCs with advanced security measures and show staff how to protect their work computers, it’s much more rare for a business to discuss securing mobile devices.

However, all employees must know how to protect their mobile devices from threats. Even though many smartphones, tablets, and similar devices inherently include some security measures, there are best practices users should follow to protect against the most prominent threats.

Why is mobile security important?

A lot of personal and business information is stored and transmitted through mobile devices. It’s no wonder why – they make working and communicating easy and convenient. However, letting that information get into the hands of a cyber criminal can cause huge problems for your business. Keep in mind smartphones are small computers – and like computers, they have inherent weaknesses that hackers would like to exploit. Every year, more smartphones are being targeted by malicious actors. In fact, cyber security professionals estimated there was a 50 percent increase in mobile cyber attacks between 2018 and 2019.

This rising trend will undoubtedly continue until users learn how to properly secure their smartphones and tablets. Let’s examine five common security threats that affect mobile devices and learn how to defend against them.

1. Not setting a device password

Today, our mobile devices – and especially our smartphones – are often attached to our hips. Despite that, it’s possible for someone to pilfer your phone, and it’s even easier to leave your phone behind in a restaurant or taxi. If you can’t recover your phone within a few hours, it could be anywhere. And if you don’t have a password on your device, it could take seconds for someone to access the sensitive data on your phone.

Setting a device password is an easy way to stop casual thieves from snooping through your phone and generally deter malicious actors from accessing your phone. Set a pattern, password, or PIN as a basic measure of security – or use facial and fingerprint locks when possible. If a password-protected phone goes missing, you’re more likely to have time to back up your data on another device, or even wipe your device if it contained sensitive information.

2. Reusing passwords

Did you know that 50 percent of users use the same passwords across work and personal accounts? This means that one employee’s recklessness off-the-clock can translate into a breach for your business.

There are a few ways to stop employees from reusing passwords. First, educate them on the importance of using a unique password as soon as they begin working with your company, and reiterate its importance when they sign up for new services. Then, ask employees to change their passwords on a regular basis, or enable two-factor authentication when necessary.

Businesses also benefit from offering a secure password manager to employees. With a password manager, employees don’t have to commit tens or hundreds of logins to memory – they only need to remember a single strong password in order to access all of their passwords.

3. Malicious apps

Everyone loves a helpful mobile app – but many users are unaware of how applications can be used against them. Some apps that seem benign, or even helpful, may turn out to be a front for viruses, spyware, and other types of malware. These apps originate from a variety places, although they are most often found on third-party app stores.

With the right preventative steps, every employee can learn how to avoid malicious apps. First, always download applications from the official app store that came pre-loaded on your phone, and do not follow online links to download apps. When you do choose to download an app, keep an eye out for user permissions – for example, if a simple wallpaper application wants permission to your microphone, voicemails, and text messages, it may not be as benign as it seems. If a malicious app finds its way onto a phone, it can be sniffed out by a reputable mobile anti-malware solution. Additionally, since malicious apps often run in the background without a user’s knowledge, users may be able to identify malicious apps by checking their phone’s data usage statistics.

4. Spyware

Spyware is a growing problem on mobile devices. This type of malicious software can either be stealthily installed by a person with physical access to your phone, or cyber criminals can trick users into downloading it by disguising it as a harmless file or application. It can then be used to surveil your device and reproduce data – including images, videos, emails, documents, or even passwords – giving them access to a wealth of information about an employee.

To protect against spyware, don’t let individuals you don’t trust access your phone, and always protect it with a strong password. Additionally, educate employees about phishing and the dangers of third-party applications, since these are common vectors for transmitting spyware online. To detect and eliminate spyware, monitor your apps and processes regularly and delete any unfamiliar applications – or, simply purchase an anti-malware suite with advanced spyware protection.

5. Unsecured networks

Internet outages are an unfortunate reality of modern life – and when the internet goes out, employees will try to find another way to get online. Many will mistakenly turn to an unsecured network that doesn’t require a password to use, which can open up an opportunity for hackers to intercept unencrypted information as it passes from your device through the access point.

If an employee transmits information through an unsecured network, hackers may use it to distribute malicious software or record sensitive information for later use. This can have serious ramifications for your business. To defend against the dangers of unsecured networks, encourage employees to only use secured networks, and disable “network discovery” settings that will make their devices connect to unfamiliar WiFi networks by default. As a final measure of security, outfit employee devices with a VPN, firewall, and anti-malware suite just in case they manage to access these networks anyway.

Final thoughts

Mobile devices can pose a massive security risk to both employees and organizations, whether those devices are personal or company-issued devices. Consequently, organizations need to be vigilant and ensure any device that connects to a company-issued device or network passes basic security checks. By taking precautions and protecting against the most common mobile threats, organizations will be able to prevent threats before they emerge.


SoftwareOne’s CIO Pulse Survey

Our report includes key findings of recent research to examine CIOs’ priorities at a time when they are expected to achieve more but with reduced budgets.

SoftwareOne’s CIO Pulse Survey

Our report includes key findings of recent research to examine CIOs’ priorities at a time when they are expected to achieve more but with reduced budgets.


Ravi Bindra

Ravi Bindra

Ravi holds over 20 years’ experience as a cyber security evangelist, holding multiple leadership roles in the Swiss pharmaceutical industry, such as Global Head of Risk Management, Global Head of Architecture and Global Head of Security Operations.