Skip to content

Mobile device security threats that businesses like yours face in 2023

Phones go everywhere, the office, the train, on holiday, which makes them one of the easiest ways into your business. Here are the mobile threats that matter most, and the practical steps to lock them down.

Sereno IT
Talk to us
· Updated ·7 min read
Illustration of a smartphone showing 'Data Security' with a padlock, next to a hacked phone with a skull, an error laptop and a hooded figure.

The covid pandemic has revolutionised the way most of us work. We are no longer chained to office desks, and instead embracing the benefits of hybrid working. But is the pandemic the sole instigator for this change?

Of course not! Ever-evolving technology has been a key facilitator in allowing us to work more flexibly. Without technological advancements, effective home working would not be possible, pandemic or not. Smartphones specifically are a key component of this technical evolution and subsequent change in working practices.

Only a few years ago, smartphones were not commonplace in the office. In fact, they were often seen as a distraction rather than a tool for enabling efficient working. Now, however, mobile devices are key for allowing us to communicate with others, whether we’re in the office, at home, or on the go.

What’s more, the onus is no longer necessarily on the employer to provide devices for their workers. Often, employees will use their personal mobile devices to access company applications, adopting a ‘bring your own device’ (BYOD) policy that cuts costs for businesses and streamlines mobile phone use for employees.

In fact, according to the International Data Corporation (IDC), nearly 60% of the US workforce are now mobile workers, largely due to the surge in remote working and popularity of BYOD policies amongst employers.

But with smartphone use so popular in the workplace, what mobile device security policies do you need in place to protect your business? In this article, we’ll cover why mobile device security is so important, the top threats faced by businesses like yours, and how best to secure your mobile devices.

Why is mobile device security important for small businesses?

When a data breach happens, large businesses top the headlines. But that doesn’t mean small businesses are immune, especially when it comes to mobile device security.

Mobile devices represent a key target for cyber-crime, because they’re just that: mobile. We take them to the office, out and about at the weekend, and even on holiday. This mobility provides ample opportunity for devices to be lost, stolen, or even breached through rogue Wi-Fi.

In fact, the Verizon Mobile Security Index shows that 22% of small businesses suffer a mobile device-related security incident each year. Of these businesses, 42% marked the incident as ‘majorly’ impacting their business.

So, why is mobile device security important? Because it affects small businesses as well as large corporations, threatening your finances, data and reputation. What’s more, it’s an easy avenue for cyber criminals to access your confidential data, putting your business at risk. But don’t worry, throughout this article, we’ll give you some quick and easy tips you can implement to help secure your mobile devices.

Example case: malware infects 25M Android phones

It’s no surprise that Android phones are a key target for cybercriminals. Alongside iPhones, they make up the most popular mobile devices globally.

You may remember, in 2019, when 25 million Android phones were infected with malware otherwise known as ‘Agent Smith’. The malware hid inside popular apps, like WhatsApp, taking advantage of the weaknesses that were then present in the Android operating system.

This specific malware was able to mimic popular apps but instead inject its own malicious code. The hijacked apps appeared to work as normal, but behind the scenes, they were manipulating data and accessing information.

Whilst banking apps were unaffected in this instance, it’s a stark reminder of just how dangerous mobile compromise can be. If attackers had infiltrated mobile banking apps, they would have been able to view financial data without the mobile phone user ever knowing.

Hypothetically, nothing is stopping them from targeting bank apps, changing the functionality to send your bank credentials to a third party. The user wouldn’t be able to see any difference, but the attacker could connect to your bank account remotely.

— Avrian Hazum Head of mobile security research, Check Point

Many workplaces have now adopted a BYOD model, enabling employees to use their own smartphones to access work data. This case highlights the importance of implementing proper mobile device security measures, not only for company devices, but also for personal devices if employees are using these for work.

Top mobile device security threats faced by businesses in 2023

As more people use mobile devices for work, cybercriminals are finding new ways to exploit them. They’re quick to adapt and take advantage of the latest trends, and mobile devices have become a prime target. According to Check Point Research, a whopping 97% of organisations faced cyber threats targeting mobile devices.

97% of organisations hit Faced cyber threats targeting mobile devices. Check Point Research

Through mobile devices, users can fall victim to the same cybersecurity challenges as traditional laptops and desktops, e.g. phishing, ransomware, but these devices also face some unique threats to watch out for:

Mobile-specific threats

  • Man-in-the-middle attacks

    An attacker intercepts communications between two parties, often over public Wi-Fi or mobile networks, secretly altering information and leading to data breaches.

  • Compromised apps

    Malicious apps have surged with app popularity. In 2020, 46% of businesses had at least one employee download a malicious mobile app.

  • Unpatched vulnerabilities

    On average 40% of mobile devices carry hardware vulnerabilities, and even major apps ship undetected weaknesses attackers can exploit.

How to secure your mobile devices

With smartphone use now so popular in the workplace, it’s important to implement measures that will enhance your mobile device security when devising your security strategy. Here are some quick tips to help you mitigate risk and safeguard your mobile device security.

Utilise device encryption

Device encryption is a powerful tool for keeping your data safe. Through Mobile Device Management, you can encrypt important data stored on work devices if they are lost or stolen, or if any email account has been hacked. This converts the data on the device into unreadable code, making it useless to any unauthorised personnel trying to access it. If that device is then found or returned to the rightful owner, the data can be decrypted so that it’s once again legible.

Implement strong passwords

Strong passwords are a quick and easy way to enhance the security of your smartphones and other mobile devices. We recommend enforcing a strict password policy for your employees, whereby all passwords must:

  • Be at least 12 characters long
  • Include numbers, letters, and symbols
  • Contain no recognisable words

To ensure this is rolled out effectively, you can take advantage of a Password Manager, which will recommend strong passwords and notify you of any weak passwords that could be putting your business at risk. It will also store all complex passwords securely for you, so you and your team don’t need to worry about remembering them.

Enforce secure methods of verification

Having strong passwords is excellent, but leveraging more accurate methods of verification is even better. And what could be more accurate than facial recognition? As part of your security strategy, we recommend encouraging all employees to use facial recognition software on their smartphones. If facial recognition is unavailable, PIN verification is another good option, where an app or website you’re trying to access sends a secure PIN code via text or email, adding another layer of protection to your passwords. Enforcing these kinds of authentication on mobile devices accessing business data is another example of Mobile Device Management policies that can be put into place.

Implement rules for how work devices are used

Through Mobile Device Management, you can set rules for how devices are used if they’re storing your company data. For example, you can restrict what data can be copied and pasted from business apps on smartphone devices, keeping passwords and other confidential information secure.

Moreover, you can also choose to whitelist apps that you know are genuine and secure. This means employees will be able to download these apps immediately, without having to wait for approval from IT or security personnel. This enables your team to be more efficient in the knowledge that they’re only using reputable apps.

Roll out regular software updates

We all know that updating your software, whether it’s your operating system or an app, is key to maintaining good mobile device security. Educate your team on the importance of using the latest software, and consider enforcing updates by a certain deadline if they haven’t already been manually updated by the employee.

Remotely wipe compromised devices

Another benefit of Mobile Device Management (MDM) is the ability to wipe mobile devices of important data if you know they’ve been compromised. If a device has fallen victim to a cyber-attack, or has been stolen and ended up in the wrong hands, MDM enables you to wipe that device completely, ensuring data cannot be used maliciously.

For more information on mobile device security and how best to protect your business from potential threats, get in touch for a free IT consultation today. Or, to learn more about our device security services, check out our flexible cyber security packages.

Share this article

From Sereno IT

The Sereno IT team

Sereno IT is a London-based managed IT support provider helping businesses across the UK stay secure and productive. Read more in the Cyber Security section.

Remote, Hybrid & Device Security

Ready to take the next step?

Friendly, no-jargon guidance from the Sereno team. Tell us what's going on with your IT, we'll tell you what to do about it.

Secure your hybrid team