The covid pandemic has revolutionised the way most of us work. We are no longer chained to office desks, and instead embracing the benefits of hybrid working. But is the pandemic the sole instigator for this change?
Of course not! Ever-evolving technology has been a key facilitator in allowing us to work more flexibly. Without technological advancements, effective home working would not be possible, pandemic or not. Smartphones specifically are a key component of this technical evolution and subsequent change in working practices.
Only a few years ago, smartphones were not commonplace in the office. In fact, they were often seen as a distraction rather than a tool for enabling efficient working. Now, however, mobile devices are key for allowing us to communicate with others, whether we’re in the office, at home, or on the go.
What’s more, the onus is no longer necessarily on the employer to provide devices for their workers. Often, employees will use their personal mobile devices to access company applications, adopting a ‘bring your own device’ (BYOD) policy that cuts costs for businesses and streamlines mobile phone use for employees.
In fact, according to the International Data Corporation (IDC), nearly 60% of the US workforce are now mobile workers, largely due to the surge in remote working and popularity of BYOD policies amongst employers.
But with smartphone use so popular in the workplace, what mobile device security policies do you need in place to protect your business? In this article, we’ll cover why mobile device security is so important, the top threats faced by businesses like yours, and how best to secure your mobile devices.
In this article, we cover:
Why is mobile device security important for small businesses?
When a data breach happens, large businesses top the headlines. But that doesn’t mean small businesses are immune, especially when it comes to mobile device security.
Mobile devices represent a key target for cyber-crime, because they’re just that – they’re mobile! We take them to the office, out and about at the weekend, and even on holiday. This mobility provides ample opportunity for devices to be lost, stolen, or even breached through rogue Wi-Fi.
In fact, the Version Mobile Security Index shows that 22% of small businesses suffer a mobile device related security incident each year. Of these businesses, 42% of them marked the incident as ‘majorly’ impacting their business.
So, why is mobile device security important?
Because it impacts small businesses as well as large corporations, threatening your finances, data and reputation. What’s more, it’s an easy avenue for cyber criminals to use to access your confidential data, putting your business at risk. But don’t worry, throughout this article, we’ll give you some quick and easy tips you can implement to help secure your mobile devices…
Example Case: Malware infects 25M Android phones
It’s no surprise that Android phones are a key target for cybercriminals. Alongside iPhones, they make up the most popular mobile devices globally.
You may remember, in 2019 when 25 million Android phones were infected with malware, otherwise known as ‘Agent Smith’. The malware hid inside popular apps, like Whatsapp, taking advantage of the weaknesses that were then present in the Android operating system.
This specific malware was able to mimic popular apps, like Whatsapp, but instead inject its own malicious code. The hijacked apps appeared to work as normal, but behind the scenes, they were manipulating data and accessing information.
Whilst banking apps were unaffected in this instance, this is a stark reminder of just how dangerous mobile compromise can be. If attackers had infiltrated mobile banking apps, they would have been able to view financial data, without the mobile phone user ever knowing.
Avrian Hazum, head of Check Point’s mobile security response team, says “Hypothetically, nothing is stopping them from targeting bank apps, changing the functionality to send your bank credentials to a third party. The user wouldn’t be able to see any difference, but the attacker could connect to your bank account remotely.”
Many workplaces have now adopted a BYOD model, enabling employees to use their own smartphones to access work data. This case study highlights the importance of implementing proper mobile device security measures, not only for company devices, but also for personal devices if employees are using these for work.
Top mobile device security threats faced by businesses in 2023
As more people use mobile devices for work, cybercriminals are finding new ways to exploit them. They’re quick to adapt and take advantage of the latest trends, and mobile devices have become a prime target for their attacks. According to Check Point Research, a whopping 97% of organizations faced cyber threats targeting mobile devices!
Through mobile devices, users can fall victims to the same cybersecurity challenges as traditional laptop and desktop computers e.g phishing, ransomware etc. However, these mobile devices also some unique threats to watch out for, including:
- Man-in-the-middle attacks – Where an attacker intercepts the communications between two parties, secretly altering information and leading to potential data breaches. Commonly, Man-in-the-Middle attacks occur through public Wi-Fi connections or mobile networks, making smartphones and other mobile devices particularly vulnerable.
- Compromised mobile apps – Apps are the centre of most smartphone use, enabling everything from instant messaging to shopping, gaming and banking. Whilst any platform can be corrupted by malware, the popularity of app use has meant that the number of malicious apps has surged. In fact, in 2020, 46% of businesses claimed that at least one employee had downloaded a malicious mobile app.
- Unpatched vulnerabilities – On average, 40% of mobile devices have vulnerabilities in their hardware. Plus, many mobile apps, even major apps created by big brands, have undetected weaknesses in their security. Mobile apps, therefore, represent an easy avenue for cyber criminals to penetrate devices and capitalise on these hardware vulnerabilities.
How to secure your mobile device?
With smartphone use now so popular in the workplace, it’s important to implement measures that will enhance your mobile device security when devising your security strategy.
Here are some quick tips to help you mitigate risk and safeguard your mobile device security:
Utilise device encryption
Device encryption is a powerful tool for keeping your data safe. Through Mobile Device Management, you can ‘encrypt’ important data stored on work devices if they are lost or stolen, or if any email accounts has been hacked. This will convert the data on the device into unreadable code, making it useless to any unauthorised personnel who may be trying to access it. If that device is then found or returned to the rightful owner, the data can be decrypted so that it’s once again legible.
Implement strong passwords
Strong passwords are a quick and easy way to enhance the security of your smartphones and other mobile devices. We recommend enforcing a strict password policy for your employees, whereby all passwords must:
- Be at least 12 characters long
- Include numbers, letters, and symbols
- Contain no recognisable words
To ensure this is rolled out effectively, you can take advantage of a Password Manager which will recommend strong passwords and notify you of any weak passwords that could be putting your business at risk. It will also store all complex passwords securely for you, so you and your team don’t need to worry about remembering them.
Enforce secure methods of verification
Having strong passwords is excellent, but leveraging more accurate methods of verification is even better. And what could be more accurate than facial recognition? As part of your security strategy, we recommend encouraging all employees to utilise facial recognition software on their smartphones. If facial recognition is unavailable, pin verification is another good option. This refers to when an app or website you’re trying to access will send a secure pin code via text or email, adding another layer of protection to your passwords. Enforcing these kinds of authentication on mobiles devices accessing business data is another example of Mobile Device Management policies that can be put into place.
Implement rules for how work devices are used
Through Mobile Device Management, you can set rules for how devices are used if they’re storing your company data. For example, you can restrict what data can be copied and pasted from business apps on smartphone devices – keeping passwords and other confidential information secure.
Moreover, you can also choose to whitelist apps that you know are genuine and secure. This means that employees will be able to download these apps immediately, without having to wait for approval from IT or security personnel. This enables your team to be more efficient in the knowledge that they’re only using reputable apps.
Regular software updates
We all know that updating your software, whether it’s your operating system or an app update, is key to maintaining a good mobile device security. Educate the importance of using the latest software to your team. And consider enforcing updates by a certain deadline, if they haven’t already been manually updated by the employee.
Remotely wipe comprised devices
Another benefit of Mobile Device Management (MDM) is the ability to wipe mobile devices of important data if we know they’ve been compromised. If a device has become victim to a cyber-attack, or has been stolen and ended up in the wrong hands, MDM enables you to wipe that device completely, ensuring data cannot be used maliciously.