Mobile Device Security – The Current Corporate Threat Landscape
There was a time when the only place customers or coworkers could reach you was at the office or home. Weren’t those days quaint!
Nowadays, our mobile devices go with us everywhere, making them indispensable in both our personal and professional lives. Corporations of all sizes rely on mobile devices to keep everyone in contact with each other. In fact, the Verizon Mobile Security Index 2020 Report states, “… when we asked our survey respondents to rate how crucial mobile is to their business on a 10-point scale, 83% answered 8 or higher.”
With an ever-growing mobile device threat landscape, our mobile devices are under siege at all times. Without us even realizing it, malware could be working in the background, sending our data to malicious actors and compromising the security of our businesses.
What is Malware?
Malware is an umbrella term that covers all kinds of software designed to compromise, damage, or cause chaos on a computing device. Malware (a contraction of the words MALicious and softWARE) can appear on any type of device and operating system, often with few to no signs that it’s installed at all.
Malware can take the form of viruses, spyware, Trojans, worms, ransomware, adware, or botnet software. It can be installed on your computer or mobile device sneakily alongside an innocuous program, through an infected email file, or hidden in untrustworthy downloads.
How Mobile Device Threats Are Evolving
A mobile security breach can have dramatic repercussions for both you and your corporation. Even ignoring the invaluable data that could be stolen, you also must consider the potential financial and brand damage that can come with a high-profile mobile data breach. If your organization gets hit, it could result in large amounts of downtime, regulatory penalties, and your other devices and network being further compromised.
Users Are the Weakest Security Link
Here is the good news: mobile security measures are more advanced than ever. Here is the bad news: the best digital security in the world means nothing if users aren’t careful about what they are doing online.
Phishing is one of the most popular and effective vectors of attack. That is because it focuses on circumventing security measures by targeting the users directly. We’re sure that you receive tons of phishing emails weekly, trying to trick you into giving up your password or downloading an infected file. These attempts are getting more and more sophisticated, and have now started targeting mobile devices. It’s believed that 2% of employees will click on a phishing link every single day, often more than once.
When you’re on a desktop or laptop, you can see an abundance of information. If you go to a fake login page, you can often tell by looking at the URL. On mobile devices, however, the URL is usually hidden to free up more space on the screen.
What’s worse is that phishing attacks and social engineering techniques have “joined forces” to create even more convincing phishing scenarios to compromise security. Business email compromise fraud has resulted in hundreds of thousands of dollars being lost. These attacks are no longer just over email, but through phone calls, text messages, social media, and even productivity apps. The more vectors of attack a hacker uses, the more convincing (and effective) the attack will be.
High-Profile Examples of Mobile Device Breaches
If you instantly thought, “I’d never fall for a scam like that,” you might be surprised at who has in the past.
For example, in October of 2019, two human rights activists were tagged by the Moroccan government, which installed Israeli spyware on their phones. Also in October 2019, it was discovered that an Israeli cybersecurity firm had sold spyware to malicious actors who used it to compromise the mobile security of military and government officials in 20 countries. The vector of attack? WhatsApp.
What Measures Protect Your Mobile Devices?
So, how do you protect both your employees and organization from mobile threats? There are several simple measures you can take as part of a comprehensive corporate risk mitigation strategy.
One of the most powerful tools you have to protect your corporation from mobile security threats is education. The more you know! By teaching your employees to spot phishing attempts, you can prevent some of the more dangerous kinds of security breaches.
You should also teach them to be more careful about the permissions they allow apps on their mobile devices. Many people simply click “Ok” without thinking about the implications of giving a new social media app full access to their camera, microphone, and GPS location. Most apps do not need this kind of access, so consider when to grant it and when to deny it.
While most employees are responsible users of their business-owned mobile devices, some might be engaging in risky behavior that could compromise everyone’s security. It’s imperative to have a detailed policy explaining acceptable use on business devices. Obviously, adult and gambling websites should be banned, but you should also take a look at banning the installation of games.
How ComSec LLC Can Help
At ComSec LLC, we’re continually looking at helping both individuals and corporations improve their digital preparedness and secure their mobile devices from a variety of cyberattacks.
Our Corporate On-Site Mobile Virus Scan is a measure we’ve recently introduced that could change the game for your mobile security. Here, we come on-site and check all corporate cell phones and mobile devices for spyware and malware. It is a convenient, coordinated on-site effort that takes one to two days, depending on the number of devices that we need to test. We will then give you our results, showing if malware was present or absent on any of the devices, the mode of entry, and the time/date stamp. Then, your cybersecurity team can determine the extent of the infection and take action to protect your network.
We offer many more mobile-focused security services at ComSec LLC. Contact us today to learn how we can detect cyber TSCM threats to your network, detect the presence of illicit mobile devices in your work environment, and teach your employees to be more security-minded in the future!
About the Author:
J.D. LeaSure, CCISM, is the President / CEO of ComSec LLC, a global provider of world class counterespionage and TSCM / Cyber TSCM™ services. www.ComSecLLc.com