used with permission from Tektonika (HP)
Mobile devices are now a staple of the workplace, as ubiquitous as open floor plans and videoconferencing. Enabling employees to work from their mobile devices can even boost satisfaction, productivity, creativity, loyalty, and engagement—that’s quite a list of benefits.
However, embracing these upsides also requires paying attention to the downside: mobile threats. Given the sheer volume and value of sensitive data on employee devices, mobile security needs to be an IT priority. Every time an employee accesses corporate data from a smartphone, they put the entire network at risk—unless proper security measures are in place.
To unlock the full potential of workplace mobility, IT pros need to understand the biggest mobile threats. Here’s an overview of the top five hazards you should look out for.
As defined by PCMag, data leakage is “the unauthorized transfer of classified information from a computer or data center to the outside world.” There are a number of paths through which this transfer can take place, from security gaps in record systems or the misuse of data by a third party (such as an ad platform) to something as simple as an accidentally forwarded email.
Data leakage is generally unintentional—the result of employees who don’t realize data seeps out when it flows between a mobile device and an accounting system, for instance. IT can minimize the risk of data leakage by creating a map identifying sensitive data, where it flows, and why. This map can provide insight into potential risks and vulnerabilities.
It’s also a good idea to continuously monitor data usage for anomalous activities, such as internal threats from malicious or rogue users and the usage of stolen credentials. To keep these threats at bay, organizations should deploy safeguards, such as encryption, access controls, data masking, and quarantines.
No one likes to think they’d fall prey to a phishing scheme, but phishing today doesn’t look anything like it did 10 or even 5 years ago. Fraudsters have gotten more sophisticated, thanks in part to the wealth of information available across social media.
Verizon’s 2017 Data Breach Investigations Report found that “1 in 14 users were tricked into following a link or opening an attachment,” while the Anti-Phishing Working Group reported over 100,000 unique phishing websites are detected each month. Mobile devices make organizations even more vulnerable, as mobile phishing techniques vary from the typical email phishing users are trained to recognize. A report from Wandera discovered that 81 percent of mobile phishing attacks take place outside of email, with 26 percent of these attacks distributed via gaming apps.
Education is key to mitigating mobile threats. The strongest mobile security prevention measures in the world only go so far if an employee clicks on something they shouldn’t. Training on identifying phishing attempts should be ongoing and include a practical component. As certain users tend to be repeat offenders, organizations should consider conducting test phishing attempts to identify employees who may need extra coaching. There are also a few technical solutions on the market that can flag suspicious messages.
When using mobile devices for work purposes, employees are often out of the office, which means they’re likely to connect to a Wi-Fi network that may not be secure. These connections are a prime opportunity for hackers to intercept traffic and steal valuable information.
In crafting a mobile security prevention strategy, IT teams need to account for employee use of open and unsecured networks by encrypting all traffic through a VPN. VPNs funnel traffic through a secure network that’s difficult for a third party to monitor. Just make sure to avoid a VPN that doesn’t actually encrypt traffic or snoops on and logs activity.
Security vulnerabilities often get addressed through software updates. These updates can include important patches for security holes that, when ignored, leave the door open to hackers. It may feel annoying to see those little red circles asking you to download an update and restart, but devices that aren’t updated regularly pose a serious threat.
Part of ensuring devices are up to date is making sure you use devices that receive updates regularly. In a recent Android Upgrade Report Card in Computerworld, all Android manufacturers except Google received a C+ or worse. On top of that, many IoT devices aren’t designed with a patching mechanism at all. IT needs to do what they can to ensure all devices used for work are updated in a timely, ongoing manner.
Mobile devices aren’t the only endpoints that pose a risk—endpoints connected to those mobile devices are indirectly at risk of being infected by mobile threats, too. Take printers, for example. Few people suspect printers of being security threats, but they’re no longer the isolated machines they used to be. Instead, they’re connected to every other endpoint in your office. If someone uses an infected mobile device and prints on an unsecured printer, it could lead to a major breach that may then spread to the entire network.
The best approach is to adopt solutions for mobile printing that offer security without compromising convenience. Consider using server-based mobile printingthat integrates with secure print authentication policies and wireless printing that allows for mobile printing independent of the company network.
Mobility and BYOD have continued to grow riskier over the years, but this year’s top mobile threats likely won’t come as a shock. By being aware of these hazards and preparing for the worst, you can prevent these five risks from punching a hole in your company’s security infrastructure this year and in the future.