While they used to be a luxury, mobile devices are now in the hands of nearly every man, woman, and child around the globe. In the business world, cell phones and tablets have become a necessity in recent years, especially as technology evolves and we move to a more remote workforce.
However, while business professionals are reaching a new level of productivity on the go, they are falling short when it comes to securing their devices – and hackers and cybercriminals are taking advantage. Technology will only continue to advance as time goes on, so it is essential that employees of all sectors, from eCommerce to the health industry, get a grasp on good cybersecurity now, so your company is ready for the future. Let’s talk about mobile security, the common threats, and how you can prevent them and stay productive.
Keys, wallet, phone - today's essentials
Times are changing, and so is our dependence on mobile devices. The arrival of the COVID-19 pandemic forced many companies to send their employees home to work remotely, and experts believe that this trend could continue throughout the year 2021. That means that more people will be messaging, emailing, and communicating via their phones for the foreseeable future.
Along with an increase in remote work, we are also seeing a rise in businesses turning to cloud computing solutions. Studies show that 35% of companies will be turning to this service in 2021, as it is the best way to have all employees connected and enable them to send and receive communications, see their work reflected in real-time, and access the applications they need at the touch of a button. Again, this is great in practice, but if security is not at the forefront of these corporate transitions, hackers can easily gain access and steal your data and that of your customers.
While it is good to be connected to your staff, if a hacker is able to access the mobile device of one user, they can then use the network to infect others all the way up to the c-suite. To nip this in the bud, your company needs to enact an acceptable use policy that is understood and signed by all of your employees. This policy should list which devices can be used and where. If company devices are only for work use, that should be specified as well. Make cybersecurity instruction a part of your onboarding and training programs and require that this form is signed by all associates.
Common threats to mobile security
As our world changes, so do the tactics used by cybercriminals. For instance, hackers know that many people are working from home or public places, so they are setting up man-in-the-middle attacks which utilize fake and free Wi-Fi networks that are made to look like the official network set up by the establishment. However, when you connect, you are connecting directly to the hacker’s system, and they can steal your information from there.
The first line of defense against a man-in-the-middle attack is to either verify the correct Wi-Fi network before connecting or turn off Wi-Fi capabilities on your device altogether. Beyond that, all phones should be set up with email encryption either through a digital certificate, a Virtual Private Network (VPN), or by activating the encryption opinion available on all current cell phones and tablets.
Phishing scams will always be a go-to for hackers who are trying to get an emotional response out of victims. This is an email sent to a target that appears to be from a figure of authority that will include a message along with a link or attachment. When clicked, the recipient allows a virus or malware to enter their system, and from there, the hackers can steal the data or take it hostage with ransomware.
Hackers will often modify these communications to correspond with current trends, so they might pretend they are with the Center for Disease Control with promising information about a COVID-19 vaccine or your cloud provider asking you to click a link and update your login information.
Now more than ever, it is essential to avoid falling for phishing scams. Employees should never click a link or attachment unless they recognize the sender and were expecting the email. It is also important to know phishing email warning signs, including:
● Many misspellings in the subject and body of the email (an attempt to get past the spam filter)
● A vague greeting, such as “To Whom It May Concern”
● An “official-looking” email, but it is from a common email provider like Gmail or Yahoo
Be proactive about mobile security
While the threats may be changing, your line of defense can remain strong by sticking with the security standards that have been working for years. For instance, antivirus software should be installed on every mobile device as well as the computers and backup systems at the main office. Pair this software with a firewall that can help block any unwanted traffic. Update both of these programs whenever a new version is available, so you are protecting your system against the newest threats.
In addition to this software, your main line of defense will always be a strong password that includes a combination of letters, numbers, and special characters. It should be difficult to guess, and it should not include clues that a hacker could find on your social media accounts. Passwords should be changed every couple of months, and if an employee leaves the company, their access to the device and any installed programs should be revoked.
Since even the most complicated passwords can be guessed, you should seriously consider adding two-factor authentication requirements to all mobile devices. This is a second form of identification combined with your password that only you possess. Common types of two-factor authentication (2FA) include SMS 2FA and authenticator apps which utilize a secret key to unlock application access. Even with all of these protections in place, a hacker can still cause damage if they get their hands on your device. To that end, phones and tablets should always be kept in a pocket when not in use, so they are never left unattended.
As time goes on, mobile devices will only become more important to the success of our businesses and the busy employees who work within them. Take the time to protect your systems now so your team can focus on the work and not the risks.
Note: This blog article was written by a guest contributor for the purpose of offering a wider variety of content for our readers. The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of GlobalSign.