If your company uses mobile devices to conduct company business, such as accessing company email or sensitive data, pay close attention to mobile security and the potential threats that can expose and compromise your overall business networks. This section describes the mobile threat environment and the practices that small businesses can use to help secure devices such as smartphones, tablets, and Wi-Fi-enabled laptops. Many organizations are finding that employees are most productive when using mobile devices, and the benefits are too great to ignore. But while mobility can increase workplace productivity, allowing employees to bring their own mobile devices into the enterprise can create significant security and management challenges.
Data loss and data breaches caused by lost or stolen phones create big challenges, as mobile devices are now used to store confidential business information and access the corporate network. According to a Symantec mobile security survey, 68 percent of respondents ranked loss or theft as their top mobile-device security concern, while 56 percent said mobile malware is their number two concern. It is important to remember that while the individual employee may be liable for a device, the company is still liable for the data.
Top threats targeting mobile devices
- Data Loss – An employee or hacker accesses sensitive information from a device or network. This can be unintentional or malicious, and is considered the biggest threat to mobile devices.
- Social Engineering Attacks – A cyber criminal attempts to trick users into disclosing sensitive information or installing malware. Methods include phishing and targeted attacks.
- Malware – Malicious software that includes traditional computer viruses, computer worms and Trojan horse programs. Specific examples include the Ikee worm, targeting iOS-based devices; and Pjapps malware that can enroll infected Android devices in a collection of hacker-controlled “zombie” devices known as a “botnet.”
- Data Integrity Threats – Attempts to corrupt or modify data in order to disrupt operations of a business for financial gain. These can also occur unintentionally.
- Resource Abuse – Attempts to misuse network, device or identity resources. Examples include sending spam from compromised devices or denial of service attacks using computing resources of compromised devices.
- Web and Network-based Attacks – Launched by malicious websites or compromised legitimate sites, these target a device’s browser and attempt to install malware or steal confidential data that flows through it.
A few simple steps can help ensure company information is protected. These include requiring all mobile devices that connect to the business network to be equipped with security software and password protection, and providing general security training to make employees aware of the importance of security practices for mobile devices. More specific practices are detailed below.
Use security software on all smartphones. Security software specifically designed for smartphones can stop hackers and prevent cybercriminals from stealing your information or spying on you when you use public networks. It can detect and remove viruses and other mobile threats before they cause you problems. It can also eliminate annoying text and multimedia spam messages.
Make sure all software is up to date. Mobile devices must be treated like personal computers in that all software on the devices should be kept current, especially the security software. This will protect devices from new variants of malware and viruses that threaten your company’s critical information.
Encrypt the data on mobile devices. Business and personal information stored on mobile devices is often sensitive. Encrypting this data is another must. If a device is lost and the SIM card is stolen, the thief will not be able to access the data if the proper encryption technology is loaded on the device.
Have users password-protect access to mobile devices. In addition to encryption and security updates, it is important to use strong passwords to protect data stored on mobile devices. This will go a long way toward keeping a thief from accessing sensitive data if the device is lost or hacked.
Urge users to be aware of their surroundings. Whether entering passwords or viewing sensitive or confidential data, users should be cautious of who might be looking over their shoulder.
Employ these strategies for email, texting, and social networking.
- Avoid opening unexpected text messages from unknown senders – As with email, attackers can use text messages to spread malware, phishing scams, and other threats among mobile device users. Users should apply the same caution to unsolicited text messages that they have become accustomed to applying with email.
- Don’t be lured in by spammers and phishers – To shield business networks from cybercriminals, small businesses should deploy appropriate email security solutions, including spam prevention, which protect a company’s reputation and manage risks.
- Click with caution – Just like on stationary PCs, social networking on mobile devices and laptops should be conducted with care and caution. Users should not open unidentified links, chat with unknown people or visit unfamiliar sites. It doesn’t take much for a user to be tricked into compromising a device and the information on it.
Set reporting procedures for lost or stolen equipment. In the case of a loss or theft, employees and management should all know what to do next. Processes to deactivate the device and protect its information from intrusion should be in place. Products are also available for the automation of such processes, allowing small businesses to breathe easier after such incidents.
Ensure all devices are wiped clean prior to disposal. Most mobile devices have a reset function that allows all data to be wiped. SIM cards should also be removed and destroyed.