cyber-security-awareness-4-building-a-mobile-threat-defense

Enterprise Devices

Build a Mobile Threat Defense

Building a Mobile Threat Defense for Your Enterprise Devices

This post is the fifth in a series of eight posts about cybersecurity awareness both inside and outside of the office. To read the rest of the series, refer to the list below.

  1. How to Fight Fraud with Security Intelligence
  2. The 6 Biggest Email Security Risks for Enterprises
  3. Security is Not Privacy: Ways to Keep Personal Data Secure
  4. Building a Mobile Threat Defense for Your Enterprise Devices
  5. How to Cut Security Risks for Remote Workers
  6. 10 Surprising Security Risks in Your Office
  7. Do You Know All Types of Internet Security Threats?
  8. 5 Steps of a Successful Cybersecurity User Awareness Program
  9. Five Alarming Approaches to Extortion
  10. How to Become a Harder Target From Malicious Threat Actors
  11. How to Reduce Security Risks in the Future
  12. You don’t need rocket science to build a Human Firewall.

As mobile devices become a fundamental part of an employee’s personal and professional life, organizations need to be mindful of the risks they bring to the business. While many organizations will outfit their PCs with advanced security measures and show staff how to protect their work computers, it’s much more rare for a business to discuss securing mobile devices.

However, all employees must know how to protect their mobile devices from threats. Even though many smartphones, tablets, and similar devices inherently include some security measures, there are best practices users should follow to protect against the most prominent threats.

Why is Mobile Security Important?

A lot of personal and business information is stored and transmitted through mobile devices. It’s no wonder why – they make working and communicating easy and convenient. However, letting that information get into the hands of a cybercriminal can cause huge problems for your business. Keep in mind smartphones are small computers – and like computers, they have inherent weaknesses that hackers would like to exploit. Every year, more smartphones are being targeted by malicious actors. In fact, cybersecurity professionals estimated there was a 50 percent increase in mobile cyberattacks between 2018 and 2019.

This rising trend will undoubtedly continue until users learn how to properly secure their smartphones and tablets. Let’s examine five common security threats that affect mobile devices and learn how to defend against them.

1. Not Setting a Device Password

Today, our mobile devices – and especially our smartphones – are often attached to our hips. Despite that, it’s possible for someone to pilfer your phone, and it’s even easier to leave your phone behind in a restaurant or taxi. If you can’t recover your phone within a few hours, it could be anywhere. And if you don’t have a password on your device, it could take seconds for someone to access the sensitive data on your phone.

Setting a device password is an easy way to stop casual thieves from snooping through your phone and generally deter malicious actors from accessing your phone. Set a pattern, password, or PIN as a basic measure of security – or use facial and fingerprint locks when possible. If a password-protected phone goes missing, you’re more likely to have time to back up your data on another device, or even wipe your device if it contained sensitive information.

2. Reusing Passwords

Did you know that 50 percent of users use the same passwords across work and personal accounts? This means that one employee’s recklessness off-the-clock can translate into a breach for your business.

There are a few ways to stop employees from reusing passwords. First, educate them on the importance of using a unique password as soon as they begin working with your company, and reiterate its importance when they sign up for new services. Then, ask employees to change their passwords on a regular basis, or enable two-factor authentication when necessary.

Businesses also benefit from offering a secure password manager to employees. With a password manager, employees don’t have to commit tens or hundreds of logins to memory – they only need to remember a single strong password in order to access all of their passwords.

3. Malicious Apps

Everyone loves a helpful mobile app – but many users are unaware of how applications can be used against them. Some apps that seem benign, or even helpful, may turn out to be a front for viruses, spyware, and other types of malware. These apps originate from a variety places, although they are most often found on third-party app stores.

With the right preventative steps, every employee can learn how to avoid malicious apps. First, always download applications from the official app store that came preloaded on your phone, and do not follow online links to download apps. When you do choose to download an app, keep an eye out for user permissions – for example, if a simple wallpaper application wants permission to your microphone, voicemails, and text messages, it may not be as benign as it seems. If a malicious app finds its way onto a phone, it can be sniffed out by a reputable mobile antimalware solution. Additionally, since malicious apps often run in the background without a user’s knowledge, users may be able to identify malicious apps by checking their phone’s data usage statistics.

4. Spyware

Spyware is a growing problem on mobile devices. This type of malicious software can either be stealthily installed by a person with physical access to your phone, or cybercriminals can trick users into downloading it by disguising it as a harmless file or application. It can then be used to surveil your device and reproduce data – including images, videos, emails, documents, or even passwords – giving them access to a wealth of information about an employee.

To protect against spyware, don’t let individuals you don’t trust access your phone, and always protect it with a strong password. Additionally, educate employees about phishing and the dangers of third-party applications, since these are common vectors for transmitting spyware online. To detect and eliminate spyware, monitor your apps and processes regularly and delete any unfamiliar applications – or, simply purchase an antimalware suite with advanced spyware protection.

5. Unsecured Networks

Internet outages are an unfortunate reality of modern life – and when the internet goes out, employees will try to find another way to get online. Many will mistakenly turn to an unsecured network that doesn’t require a password to use, which can open up an opportunity for hackers to intercept unencrypted information as it passes from your device through the access point.

If an employee transmits information through an unsecured network, hackers may use it to distribute malicious software or record sensitive information for later use. This can have serious ramifications for your business. To defend against the dangers of unsecured networks, encourage employees to only use secured networks, and disable “network discovery” settings that will make their devices connect to unfamiliar WiFi networks by default. As a final measure of security, outfit employee devices with a VPN, firewall, and antimalware suite just in case they manage to access these networks anyway.

Final Thoughts

Mobile devices can pose a massive security risk to both employees and organizations, whether those devices are personal or company-issued devices. Consequently, organizations need to be vigilant and ensure any device that connects to a company-issued device or network passes basic security checks. By taking precautions and protecting against the most common mobile threats, organizations will be able to prevent threats before they emerge.

Decrease Your Mobile Attack Surface

Don’t let the cloud expand your mobile attack service. Get access to important cloud security fundamentals.

Download Now
  • Managed Security
  • Copias de seguridad

Comente este artículo

¡Déjenos un comentario para conocer lo que piensa sobre este tema!

Deje un comentario

Author

Bala Sathunathan

Bala Sethunathan

Director, Security Practice & CISO

Cybersecurity

Artículos relacionados

multilayer-edr-xdr-is-next

Multilayer EDR (XDR) is Next

Most organizations don’t want to work with EDR due to the huge number of alerts to manage. Cross-layer EDR (XDR) can be the solution. Find out how.

Endpoint Security: What you need to know about "Next-Gen" EDR

"Next-Gen" EDR

Combining EDR and SIEM might be the ideal way of fighting cyber security risks. But why isn’t EDR enough? Learn more about the challenges of standalone EDR and how it differs from SIEM.

endpoint-detection-and-response
  • 05 noviembre 2020
  • Cybersecurity, Managed Security
  • Cibercrimen, Ciberamenazas

Endpoint Detection and Response

With increasing workplace mobility, it's no surprise that endpoint devices become more vulnerable. Learn how EDR tools can protect you from malware!