Gone are the days where employees would work solely in the office. Today, employees work in an array of different locations: libraries, coffee shops and airports but to name a few. In this environment, employees often access company data and applications via their mobile phones.
However, despite the increasing criticality of mobile phones to employee productivity, security remains a glaring issue. Over half of companies believe that mobile devices are less secure than laptops and other endpoints.
For the most part, this is true. It’s not that mobile phones are inherently insecure though. Rather, they are exposed to more threats than laptops and desktop computers that sit within the corporate network.
The portability of mobile phones can be their greatest downfall. As they are transported from location to location, these devices will come across new threats at every turn.
Below, we’ll explore these risks – and how to mitigate them – in more detail.
Public WiFi is More Susceptible to Compromise
Research has found that public WiFi networks are almost 95 times more risky to use than secured corporate WiFi networks. While your managed service provider or IT person will spend time and effort to ensure the corporate network is as robust as possible, it’s rare for companies to spend as much time bolstering their public WiFi networks.
Because they aren’t as robustly protected, public WiFi networks are more likely to be compromised by hackers. For cybercriminals, public WiFi networks can be a goldmine, enabling them to steal sensitive data that is transmitted on the network – which could include financial information, personal data and even intellectual property.
While it might be unrealistic to stop your employees from using public WiFi networks, you can help them to prevent the risks of data loss. The best way to do this is by setting up a corporate virtual private network (“VPN”). VPN’s work by creating a tunnel between your employee’s device and the corporate network, hiding their internet connection from the wider internet.
You should encourage your employees to use public WiFi in conjunction with the VPN whenever they plan to work on the go.
Malicious Applications Are Riddled With Malware
Applications are a huge part of the mobile experience. Hackers know this and, as application usage has surged, so too has the rise of malicious applications. These apps are often found on alternative app stores. They look like legitimate apps and often masquerade as well-known brands.
However, when the victim downloads a malicious app, their device will be infected with malware – malicious software that steals data or spies on the user.
Just last week, 470 apps in the Google Play store were found to be riddled with malware. This threat is a huge risk to companies that enable employees to work from their phones.
Education is your best bet against this risk. Educate your employees on the risk of malicious mobile apps so that they are more cautious about the applications they download.
If your employees use company-owned phones, you can support education with a mobile device management (MDM) policy. MDM is a tool that works by giving you granular control and visibility over how your people use their mobile phones.
You can, for example, control what applications and websites they visit, what data they upload and download and who they communicate with. Given the invasive nature of MDM, it’s not suitable for use on employees personal devices.
SMS-ishing Dupes Employees
You’re probably familiar with phishing – a form of cyber-attack where hackers send fraudulent emails to their victims, pretending to be a trusted brand or colleague. SMS-ishing is the text message version of phishing. Typically, hackers will pose as a healthcare organisation, bank or – in highly-targeted attacks, a colleague.
They’ll either ask the victim to share sensitive data or download an attachment that contains malware. Either way, SMS-ishing is troublesome to your business.
Again, your best defence against these attacks is education. By teaching your employees about the risks of phishing and SMS-ishing, you can empower them to spot and report these attacks – rather than fall victim.
In line with this, you should also put in place policies that help your employees to report a suspected phishing or SMS-ishing attack, so your IT personnel can take action.
Keep Your Employees Safe From Mobile Threats!
Focusing only on securing your desktop computers and laptops is a disaster waiting to happen. Your employees may still use their mobile devices to send emails and share sensitive information. That’s why shielding them from cyber criminals should be your top priority. So, develop a strict usage policy and follow other recommended practices to make your team’s smartphones and tablets virtually impervious to data theft.