The mobile threats IT teams need to know about
Mobile phones are little computers in your employees’ pockets and are just as vulnerable to attack as laptops and desktop computers. In fact, mobile-based cyberattacks increased 1,400% between 2016-2020.
Here are the most crucial threats you need to be aware of.
1. Mobile phishing
Phishing is one of the top attack vectors, and can be the first step in a ransomware attack chain. As BYOD increases and personal mobile devices become a blend of our work and private lives, attacks are shifting to be more mobile-specific.
Mobile phishing is not just email based – it often comes through SMS, WhatsApp, or social media. The training staff have for spotting phishing emails needs revising in light of mobile phishing, as traditional advice around hovering over links or checking the send details becomes much harder to do on a mobile.
And you think you’re safe because your workforce uses iPhones? Well,
63% of phishing attacks take place on iOS devices, not Android.
What to do: Update your staff phishing training and look for a mobile security solution that has built-in phishing detection.
2. Compromised WiFi networks
We’re not constrained by the office perimeter anymore. Great for staff, but a headache for security teams. One of the most alarming issues CISOs face is policing the unlimited number of WiFi networks employees now can connect to with devices that hold sensitive business data, or access to that data.
Our own research found that 1 in 20 public WiFi networks had an active Man-in-the-Middle attack, and that means information can be hoovered up from that device, or malware dropped on to it. Watch a MitM attack in action on a coffee shop WiFi.
What to do: Educate employees about the dangers of public WiFi hotspots and unsecured networks. Yes, many will still connect, so to manage this risk and protect business data in this situation, use on-device mobile security that detects and alerts the user to disconnect from compromised networks.
3. Malicious apps
Some apps are created evil, others become dangerous over time if they’ve been compromised, and others are just a bit fast and loose with their privacy or security practices.
Malicious apps can steal credentials, drop keyloggers or malware that hoover up information from emails, messages or phone calls and send them to a third party. If your employees use personal devices to access work email, cloud systems or other business information, a malicious app is a quick and highly damaging way into your organisation, with far-reaching consequences. It’s one of the main reasons many businesses are wary of implementing BYOD, despite it making good business and financial sense. Luckily, it is possible to implement BYOD safely…
What to do: Look for mobile threat defence that has dynamic malicious app detection and remediation. If you have an MDM (Mobile Device Management) in place already, be aware that it doesn’t provide detection of threats, but adding MTD on top does, and if the MTD spots a malicious app, you can use your MDM to block access to business systems until the threat is resolved.
4. Device vulnerabilities
Unpatched, unsupported and jailbroken or rooted devices are an open door to all kinds of exploits in the mobile operating system. Having vulnerable devices accessing your network or corporate data could lead to ransomware attacks, and the the hefty fines and damages involved as a result of a data breach.
That’s why it’s really important that employees apply new security patches as soon as they come out, update to the latest version of their OS, upgrade their phones if the model is no longer supported, lock them with a passcode, and think twice about rooting that phone.
What to do: Educate users about device health and keeping those phones updated. Also look for mobile security that alerts the user to the availability of a new OS version, or if their device is out-of-support, has no passcode or password set up on lock screen – and guides them to remediate the issue.
5. Simply not knowing…
61% of organisations don’t have any mobile security in place
Deep Instinct and Ponemon Institute, 2020
That’s a shocking number of businesses who aren’t yet addressing the growing mobile threat. But assuming you’re not one of them, and you have some sort of mobile security in place, you may still feel you lack the insights you need to keep your organisation safe.
As more and more shadow devices connect to your network and business systems, each one is a serious threat. With an affordable mobile security solution on every corporate and personal mobile device, you could see the compliance and threat status of each of those devices. You would have confidence that you were compliant, secure, and could see exactly where to deploy your resources.
What to do: Look for mobile security that is employee-privacy focused to ensure 100% adoption, that gives you the information you need to stay protected and see where threats are coming from, but not so much that employees object or try to find ways around invasive policies.
In case you’re still unsure what to do here, take a look at Traced Control. It’s a cost-effective, privacy-focused Mobile Threat Defence solution that protects your business against all of these threats, and more.
Try it for yourself
Traced Control is a new mobile threat defence solution that takes 5 minutes to set up – see for yourself with our 14-day free trial. If you’re looking for our free app, head over here.