The spread of COVID-19 forced many employees to work remotely using their personal smartphones, laptops, and other mobile devices. Today, 60% of mobile devices routinely access corporate data, and this figure is projected to rise further as more organizations embrace hybrid or fully remote work arrangements.
Consequently, cybercriminals are increasingly targeting mobile devices. In fact, 97% of the 1,800 organizations polled in Check Point Software Technologies’ Mobile Security Report 2021 experienced a cyberattack via a mobile device last year. To defend your company against such attacks, start by learning all there is to know about four common mobile security threats.
1. Phishing
People tend to be more susceptible to phishing attacks while working on their mobile devices than on their desktops, for many reasons.
For one, mobile devices have smaller screens, so mobile email apps usually show only the sender’s name, making it easy to trick people into thinking that they know the sender.
Some phishing scams tell you to click on a link to a legitimate website, but redirect you to a spoofed or malware-laden page instead. On a desktop, you can avoid scams like these by hovering your mouse pointer over the email link, as doing so shows a preview of the link’s true destination URL. Unfortunately, you can’t hover over links on most mobile email apps.
Lastly, mobile users are often distracted since they are multitasking or working on the go, making them more likely to click on links or download attachments.
How to protect your company
Implementing an effective email/spam protection service can help you block most fraudulent emails and spam messages from reaching your company inbox. To further boost your cyber defenses, you should also provide regular security awareness training and phishing simulations for your employees.
97% of the 1,800 organizations polled in Check Point Software Technologies’ Mobile Security Report 2021 experienced a cyberattack via a mobile device last year.
2. Data leakage
Data leakage happens when your data is accessed accidentally or intentionally by an unauthorized party. Data leaks in mobile devices may occur because of mobile apps that are granted broad permissions, such as access to the devices’ microphone, location, camera, contacts, and files. A hacker can exploit such mobile apps to steal data or conduct other unscrupulous activities.
How to protect your company
Register all mobile devices that your employees use for work under your company’s mobile device management (MDM) solution. If employees are using their personal devices, create a separate user account for work so that the personal account would be off limits to the MDM.
An MDM solution allows you to control the access permissions of corporate apps on those devices. Should any registered device get lost or stolen, you could also use MDM to remotely wipe company data off that device.
3. Unsecured Wi-Fi connections
When working in public places like restaurants and airports, you may be tempted to connect to their free Wi-Fi network to save on cellular data. However, public Wi-Fi networks are usually unsecured and may be used by cybercriminals to spread malware or intercept your business data. In fact, some cybercriminals even set up fake public Wi-Fi networks to collect unsuspecting users’ information, including login credentials.
How to protect your company
Educate your employees on the dangers of connecting to public Wi-Fi networks. However, if they really have to connect to public Wi-Fi, require them to use a robust virtual private network (VPN), especially when accessing company systems or files. A VPN keeps their session secure and private even if they use a public network.
4. Malware
Since 2020, cybercriminals have been exploiting people’s concerns over the pandemic by creating malicious mobile applications that claim to offer COVID-19-related information. Hidden in these apps are malware, such as:
- Premium dialer – continuously calls premium-rate numbers
- Mobile remote access Trojan – grants unauthorized remote access to mobile devices
- Banking Trojan – steals users’ mobile banking credentials
Other types of malware that are commonly injected into legitimate-looking mobile apps include spyware, which collects personal data, such as your browsing habits, and sends it to third parties. Spyware is usually paired with mobile adware (i.e., advertising software), which spams you with targeted ads.
How to protect your company
Make sure your employees download apps only from Google Play Store, the App Store, or other official stores with stringent app screening processes. However, since there have been past reports of malware-laced apps in these stores, it is best to read the reviews first before downloading any app. It’s best to create an app vetting process so that your IT team can thoroughly investigate apps before these are allowed to be installed on mobile devices used for work. Finally, you should also install a trusted anti-malware app on these mobile devices.
Enjoy cutting-edge cybersecurity solutions and continuous threat monitoring when you partner with SpectrumWise. Schedule a consultation with us to get started.
