There are approximately 32 million smartphone users in Canada, which is 82% of the population. Mobile devices have become the favored tool of many for things like checking email and accessing work applications.
According to a report by Microsoft, there is a “60% problem,” which is that mobile devices now make up sixty percent of the endpoints in the average company. Yet, many of them are not secured as well as computers. This is a major vulnerability spot for cybersecurity.
Companies also often use a BYOD (bring your own device) approach to mobile use where employees use their personal devices for work. This complicates endpoint security if those devices aren’t properly managed to ensure they have things like antivirus and regular patch updates.
You can no longer think about mobile devices differently than any other main system endpoint – computers, servers, etc. It’s important to put mobile device management in place through an endpoint management solution, such as Microsoft Intune in Microsoft 365.
Employee training on mobile device security is also important. Here are several tips you can share to help your team improve smartphone security at your company.
One of the growing phishing attack trends is the use of text messaging for phishing. Called “smishing” this is dangerous because many people don’t expect to see this type of fake text and can easily mistake a phishing SMS for a real shipping notification from a retailer like Amazon.
Being aware that not all text messages you receive may be legitimate helps prevent an accidental click on a shortened URL (which is typical in text messaging). For things like shipment tracking or any type of website you need to log into, it’s always best to go to the site directly and not through a hyperlink in a message.
In the fourth quarter of 2020, there were over 40 million mobile malware infections reported. A mobile security survey by Check Point found that 46% of companies had at least one incident of an employee downloading a malicious app last year.
Apps that are designed as cyberattack vehicles riddle the internet, and it’s not always easy to tell them apart from a real application. This is why it’s safest to only download mobile apps from reputable app stores like Google Play or the app stores from Microsoft or Apple.
While malicious apps can still occasionally get past the initial security precautions and land in app stores, they’re usually taken down as soon as they’re found out.
Mobile devices are small versions of computers and can get infected with the same types of viruses, ransomware, and other malware. Make sure that all mobile devices used for business have antivirus/anti-malware to protect against mobile malware infections.
One inherent risk that comes with mobile device use is that smartphones are often connecting to public Wi-Fi as the user travels from place to place. People often don’t want to have their mobile plan data used when it can be avoided, so they’ll connect to a free coffee shop or airport Wi-Fi when available.
Public networks are unsecured and can leave users at risk of a man-in-the-middle (MitM) attack, where a hacker on the same free Wi-Fi connection can spy on your data traffic.
Avoid public Wi-Fi where possible or use a VPN if you do connect to free Wi-Fi. A VPN application will encrypt your connection to protect against those MitM attacks.
Because of their size and the fact that people often take them out multiple times per day, smartphones are much more likely to be lost or stolen than other types of devices.
If this happens, it can leave the user and their company exposed. Many mobile apps have persistent logins, meaning you stay logged in and able to access your account, so anyone with the phone would have access to multiple accounts they could leverage for identity theft and other crimes.
Enabling remote lock and wipe on a device allows you at least some control should your device be lost or stolen. You’ll be able to lock a device until it can be found, and if it’s feared stolen, remove all the data remotely to prevent a breach.
Just like PCs, mobile devices should also be kept updated regularly, this includes both the operating system and all the apps. This helps prevent falling victim to a hack that exploits a vulnerability that already had a patch issued for it. Patches can be issued by software developers, but it’s up to the user to install them.
You should also regularly remove apps you no longer use, as these can often be forgotten about and never updated, leading to a breach.
Haxxess can help your Northern Ontario business put a comprehensive mobile device management system in place to reduce your risk of a smartphone-related data breach.
Contact us today to schedule a free consultation! Call 705-222-8324 or reach out online.