You may have found your business is relying on mobile devices more and more. The computing power of phones and tablets can now equal that of your average desktop computer, but their portability makes them far more useful in a remote working environment.
With the number of online communications options available to mobile devices, making a call on a mobile phone is almost an afterthought – but with a cloud business phone system, it is an option that is supported.
However, if you are investing heavily in mobile devices to provide solutions for your business, you must invest equally heavily in mobile security. Cybersecurity should be a priority for any business, but mobile security comes with its own unique threats.
This is not to say mobile devices are not worth the trouble – it simply means their use comes with risks and you need to be aware of them.
There are a lot of mobile security myths, and much of this comes from the complicated nature of the topic. With that in mind, we will try to be as straightforward as possible. This article will outline the five biggest threats to your mobile security and teach you how to prevent them.
Data leakage means data has been transferred to an external (i.e. not within your business network) location without authorization. There are two main causes. The first is human error when someone mistakenly sends data to the wrong place. The other cause is more complicated – it is a misunderstanding of what apps share what data.
This is a particular problem in mobile security because employees may not have business-specific mobile devices. Say their device has a contact dialer app for business use, with customer numbers stored on it, and a personal app for friends’ contact details. If they have their device configured so those apps can share data, their personal contacts list might end up with customer data on it. This is an example of data leakage.
The best way to combat data leakage is awareness of how data should be properly shared. Educate your employees on the types of sensitive data they are likely to handle frequently and how they can safely transfer this.
As improper communication can lead to improperly-trained employees (and therefore data leakage) make sure you have the best business communication solutions to ensure good communication between you and remote employees. Data leakage frequently comes from simple mistakes, so clarity in your training sessions is vital.
Another solution is the use of data loss prevention (DLP) or mobile threat defense (MTD) tools. DLP software will warn users if an action they are about to perform will cause a data leak. MTD tools can scan apps and advise if they are likely to cause data leaks through unauthorized data transfer.
Poor password hygiene can mean a user has poor-quality passwords, reuses passwords, or that they do not use multifactor authentication (MFA). Sometimes, it can mean the user does all three.
This is a danger with mobile devices because these may contain a combination of personal and business login details. Your business does not suffer if an employee uses the same password for all their personal accounts, but when they use that password for a business application, it can cause problems.
Encourage your employees to change passwords regularly and implement rules to stop passwords from being shared. Easy communication is a great feature with mobile devices, but it can be a security issue too, so take specific measures to prevent passwords from being sent from insecure mobile messaging apps. Finally, make use of an MFA application so that even in the event of a password being leaked, you have an extra layer of security.
As with most enterprise problems, there is also a digital solution: invest in a password manager for your company, so you can organize and track passwords. By “track”, we mean your password manager should be able to tell you what password was used to access what database. This is especially helpful when you are leading a remote team, as the management software will track password usage no matter where or when the password was used.
All devices require regular software updates to remain secure. However, when it comes to security, mobile devices do not receive updates as consistently as their desktop counterparts. This issue is especially widespread among Android devices. If any of your employees are using Android devices for business, they are likely running on outdated software.
You cannot rely on manufacturers to update devices, so you need to take matters into your own hands with regard to mobile security. As mentioned above, there is plenty of software you can apply to ensure data stays secure. As well as preventing leaks, MTD tools can stop mobile malware from being downloaded and spot malware already on a device.
If you are looking to provide your employees with mobile devices for business use but are not interested in building a mobile security network, you might still be in luck. Although many mobile device outlets provide infrequent security updates, there are a few that are more consistent. If you shop around enough, you should be able to source a provider that maintains reasonably secure devices for business use.
Insecure Public Wi-Fi
If you are using a mobile device to access the internet, you are likely using Wi-Fi to do so. If you are sending data to another device – company data, zero-party data, or any other kind – you need to make sure the Wi-Fi network is secure.
In this modern era, where remote working is frequent, it is difficult to guarantee the security of every Wi-Fi signal your employees connect to. Using public Wi-Fi is especially hazardous, as hackers frequently use it to intercept data in what is known as a “man-in-the-middle” attack.
Due to these hazards, the safest thing you can do is adopt a zero-trust policy for public Wi-Fi. Any mobile device used for company business should only be allowed to connect to Wi-Fi you have vetted and authorized. Although this can limit the portability and convenience of mobile devices, it does make for safer data.
Zero-trust policies are safest, but if some of your employees rely on public Wi-Fi to complete business tasks, there are alternative methods to ensure security. Encrypting any data you send over an insecure Wi-Fi network is a good idea, as it can foil hackers even if they succeed in intercepting it.
Phishing and Social Engineering
Sometimes, it can seem like cybersecurity is a solely technical issue. This is untrue – the most vulnerable part of a device is often the person using it. The manipulation of a user, rather than a technical attack on a device itself, is known as social engineering.
Phishing is when an attacker pretends to be a trusted entity to steal data. It means doing something as simple as clicking the wrong link can lead to a security breach. As mobile devices are primarily used for messaging, they are the primary targets of phishing scams. The threat is further heightened by the limited amount of information one sees on a phone screen and the fact many workers on mobile devices may be distracted by multitasking.
Much like our advice on data leakage prevention, phishing and social engineering can be avoided by improving your employees’ cybersecurity awareness. Regular training sessions, preferably with examples of phishing scams, are the best way to reinforce this.
If you tend to use face-to-face communications or speak over the phone, social engineering will be less of a risk, as most phishing scams appear via email or other text-based mediums. However, even though using phone systems for enterprise can be safer, expert scammers can still acquire data via a phone call.
The Finishing Touches for Your Mobile Security
Although we have provided some examples of procedural changes and software tools, consistently high-quality mobile security can only be achieved by getting staff on board with your new procedures. Creating cooperative employees can be the hardest part of enforcing mobile security, so remember to research online if you are looking for tactics to increase compliance.
Also, do not forget to test your new procedures and software to make sure they are right for you. Although this can be time-consuming, you should explore automation to make the process faster and more effective. There are many kinds of automation, from cognitive RPA to discovery tools to simple software bots, so research this field before you pick your tool of choice.
Finally, do not forget these are only five of the many possible threats to your mobile security. There are more potential hazards out there, so you will need to be prepared for anything.
Author’s Bio: Jenna Bunnell is the Senior Manager for Content Marketing at Dialpad, an AI-incorporated cloud-hosted unified communications system that provides valuable call details and virtual fax for business owners and sales representatives. She is driven and passionate about communicating a brand’s design sensibility and visualizing how content can be presented in creative and comprehensive ways. Here is her LinkedIn.
[…] and will be configured as such by your administrators. It will essentially be locked, which provides safety in case the device should fall into the hands of others. You may find that with the type of kiosk […]
[…] If your company is about to invest in or extend the functions of an MDM tool, remember that mobile device security should never be compromised, and you should always incorporate robust data protection measures into […]
[…] Remote device management refers to a set of practices involving accessing, controlling, and monitoring IoT devices, mobile devices and tablets in an organization from one centralized platform. A RDM software enables IT administrators to remotely deploy devices, troubleshoot problems, manage applications and block unauthorized data access for higher enterprise mobile security. […]
[…] it is clear to see that while BYOD can be a huge boost to productivity, it can also lead to massive security threats when a company’s intellectual property follows workers out of the building at the end of the […]