You may have found your business is relying on mobile devices more and more. The computing power of phones and tablets can now equal that of your average desktop device, but their portability makes them far more useful in a remote working environment.
With the number of online communications options available to mobile devices, making a call on a mobile phone is almost an afterthought – but with a cloud business phone system, it’s an option that’s supported.
However, if you’re investing heavily in mobile devices to provide solutions for your business, you must invest equally heavily in mobile security. Cybersecurity should be a priority for any business, but mobile security comes with its own unique threats.
This isn’t to say mobile devices aren’t worth the trouble – it simply means their use comes with risks and you need to be aware of this.
There are a lot of mobile security myths, and much of this comes from the complicated nature of the topic. With that in mind, we’ll try to be as straightforward as possible. This article will outline the five biggest threats to your mobile security and teach you how to prevent them.
1. Data Leakage
Data leakage means data has been transferred to an external (i.e. not within your business network) location without authorization. There are two main causes. The first is human error when someone mistakenly sends data to the wrong place. The other cause is more complicated – it’s a misunderstanding of what apps share what data.
This is a particular problem in mobile security because employees may not have business-specific mobile devices. Say their device has a contact dialer app for business use, with customer numbers stored on it, and a personal app for friends’ contact details. If they have their device configured so those apps can share data, their personal contacts list might end up with customer data on it. This is an example of data leakage.
The best way to combat data leakage is awareness of how data should be properly shared. Educate your employees on the types of sensitive data they’re likely to handle frequently and how they can safely transfer this.
As improper communication can lead to improperly-trained employees (and therefore data leakage) make sure you have the best business communication solutions to ensure good communication between you and remote employees. Data leakage frequently comes from simple mistakes, so clarity in your training sessions is vital.
Another solution is the use of DLP (data loss prevention) or MTD (mobile threat defense) tools. DLP software will warn users if an action they’re about to perform will cause a data leak. MTD tools can scan apps and advise if they’re likely to cause data leaks through unauthorized data transfer.
2. Password Hygiene
Poor password hygiene can mean a user has poor-quality passwords, reuses passwords, or that they don’t use multifactor authentication (MFA). Sometimes, it can mean the user does all three.
This is a danger with mobile devices because they may contain a combination of personal and business login details. Your business doesn’t suffer if an employee uses the same password for all their personal accounts, but when they use that password for a business application, it can cause problems.
Encourage your employees to change passwords regularly and implement rules to stop passwords from being shared. Easy communication is a great feature with mobile devices, but it can be a security issue too, so take specific measures to prevent passwords from being sent from insecure mobile messaging apps. Finally, make use of an MFA application so that even in the event of a password being leaked, you have an extra layer of security.
As with most enterprise problems, there’s also a digital solution: invest in a password manager for your company, so you can organize and track passwords. By “track”, we mean your password manager should be able to tell you what password was used to access what database. This is especially helpful when you’re leading a remote team, as the management software will track password usage no matter where or when the password was used.
3. Out-of-Date Devices
All devices require regular software updates to remain secure. However, when it comes to security, mobile devices don’t receive updates as consistently as their desktop counterparts. This issue is especially widespread among Android devices. If any of your employees are using Android devices for business, they’re likely running on outdated software.
You can’t rely on manufacturers to update devices, so you need to take matters into your own hands with regard to mobile security. As mentioned above, there’s lots of software you can apply to ensure data stays secure. As well as preventing leaks, MTD tools can stop mobile malware from being downloaded and spot malware already on a device.
If you’re looking to provide your employees with mobile devices for business use but aren’t interested in building a mobile security network, you might still be in luck. Although many mobile device outlets provide infrequent security updates, there are a few who are more consistent. If you shop around enough, you should be able to source a provider that maintains reasonably secure devices for business use.
4. Insecure Public Wi-Fi
If you’re using a mobile device to access the internet, you’re likely using Wi-Fi to do so. If you’re sending data to another device – company data, zero-party data, or any other kind – you need to make sure the Wi-Fi network is secure.
In this modern era, where remote working is frequent, it’s difficult to guarantee the security of every Wi-Fi signal your employees connect to. Using public Wi-Fi is especially hazardous, as hackers frequently use it to intercept data in what’s known as a “man-in-the-middle” attack.
Due to these hazards, the safest thing you can do is adopt a zero-trust policy for public Wi-Fi. Any mobile device used for company business should only be allowed to connect to Wi-Fi you have vetted and authorized. Although this can limit the portability and convenience of mobile devices, it does make for safer data.
Zero-trust policies are safest, but if some of your employees rely on public Wi-Fi to complete business tasks, there are alternative methods to ensure security. Encrypting any data you send over an insecure Wi-Fi network is a good idea, as it can foil hackers even if they succeed in intercepting it.
5. Phishing and Social Engineering
Sometimes, it can seem like cybersecurity is a solely technical issue. This is untrue – the most vulnerable part of a device is often the person using it. The manipulation of a user, rather than a technical attack on a device itself, is known as social engineering.
Phishing is when an attacker pretends to be a trusted entity to steal data. It means doing something as simple as clicking the wrong link can lead to a security breach. As mobile devices are primarily used for messaging, they’re the primary targets of phishing scams. The threat is further heightened by the limited amount of information one sees on a phone screen and the fact many workers on mobile devices may be distracted by multitasking.
Much like our advice on data leakage prevention, phishing and social engineering can be avoided by improving your employees’ cybersecurity awareness. Regular training sessions, preferably with examples of phishing scams, are the best way to reinforce this.
If you tend to use face-to-face communications or speak over the phone, social engineering will be less of a risk, as most phishing scams appear via email or other text-based mediums. However, even though using phone systems for enterprise can be safer, expert scammers can still acquire data via a phone call.
The Finishing Touches for Your Mobile Security
Although we’ve provided some examples of procedural changes and software tools, consistently high-quality mobile security can only be achieved by getting staff on board with your new procedures. Creating cooperative employees can be the hardest part of enforcing mobile security, so remember to research online if you’re looking for tactics to increase compliance.
Also, don’t forget to test your new procedures and software to make sure they’re right for you. Although this can be time-consuming, you should explore automation to make the process faster and more effective. There are many kinds of automation, from cognitive RPA to discovery tools to simple software bots, so research this field before you pick your tool of choice.
Finally, don’t forget these are only five of the many possible threats to your mobile security. There are more potential hazards out there, so you’ll need to be prepared for anything.
Jenna Bunnell – Senior Manager, Content Marketing, Dialpad
Jenna Bunnell is the Senior Manager for Content Marketing at Dialpad, an AI-incorporated cloud-hosted unified communications system that provides valuable call details and virtual fax for business owners and sales representatives. She is driven and passionate about communicating a brand’s design sensibility and visualizing how content can be presented in creative and comprehensive ways. Here is her LinkedIn.