Mobile devices have become indispensable to modern businesses, helping them become more connected and more agile than ever. Employees no longer have to be tied to their desktops; they are now able to access files, answer emails, and collaborate in real time from anywhere with an internet connection. And because everyone owns smartphones or tablets these days, introducing such devices into the workplace barely comes with a learning curve.
But mobile devices in the workplace also bring some disadvantages: they increase the attack surface and pose novel cybersecurity threats. How serious is the situation? According to Symantec, about 24,000 malicious apps are blocked by mobile devices every day. And as businesses become more reliant on mobile devices in the coming years, the number and intensity of these threats will inevitably grow.
Here are some mobile-related security risks you should watch out for this year.
Opportunists use social engineering to trick victims into divulging confidential or personal information by posing as an authentic entity, like a bank or a colleague. According to 2019 cybersecurity reports, phishing scams — which involves sending fraudulent emails to obtain sensitive information like credit card details and passwords — accounted for 33% of all data breaches. Executives were also found to be the favourite target of cybercriminals: they were 12 times more likely to experience social engineering attacks than regular employees.
To mitigate this threat, it’s critical that everyone in the company — from C-level executives to entry-level staff — must undergo continuous security awareness training.
Phishing through SMS and voice
In the next decade, phishers will further exploit SMS and voice communications. ‘Smishing’, a portmanteau of ‘SMS’ and ‘phishing’, involves sending shortcodes to potential victims alongside a compelling call to action. For example, smishers may pose as a shipping company and send messages with a link that supposedly leads to a page where you can track your package, but actually leads to one that installs mobile malware.
Meanwhile, phishing through voice, or vishing, uses short audio samples of real people to trick both security systems and people. Voice-activated devices could be hacked, and stolen audio bytes could be used to take over said devices.
As with phishing emails, the best way to avoid these new attack approaches is to continuously provide cybersecurity education. This year, no business should ever compromise on training. Keep in mind that about one in four data breaches is caused by human error.
Unsecured public Wi-Fi
With remote work quickly becoming the norm, employees are now more likely to connect to public Wi-Fi networks in coffee shops or airports to access work files. However, public networks are not as secure as company networks. They are susceptible to man-in-the-middle (MITM) attacks, where attackers ‘eavesdrop’ and possibly alter data exchanged between communicating devices.
One can also unknowingly connect to a rogue Wi-Fi hotspot, or a hotspot that purports to be legitimate to trick people into connecting to it and sharing sensitive data such as credit card credentials and social security numbers.
To protect your data when connecting to public Wi-Fi networks, always use a virtual private network (VPN), a network that encrypts data to and from your devices and connects you to a secured network, thus hiding your details and your activity from prying eyes.
Software vulnerabilities are holes in the security of operating systems or software that cybercriminals can exploit, like the several critical vulnerabilities Android disclosed in December 2019. To prevent hackers from taking advantage of such flaws, make sure that your software is up to date and that you’ve installed the necessary patches that ‘patch’ security holes to keep hackers at bay.
From implementing tougher security measures to mitigating emerging mobile threats, OfficeTek can help. It’s our commitment to provide proactive technology support to businesses in the West Midlands. Learn more about how to protect your business against cybercrime by downloading our eBook 'A Business Owner’s Guide to Cybersecurity' now, or call us at 0121 525 0016 for a consultation.
Like This Article?of our most popular posts