The increasing use of mobile devices in our personal lives has led to a growing acceptance of smartphone usage at work. As a result, the boundaries between our private and our employer’s digital domains have become blurred.
While a few employers are reluctant to let staff work on personal smartphones, in many industries it has become normal for employees to be responsive online, answering calls and emails through their mobile devices. The positives and negatives of this can be debated, but it can’t be denied that it has created a secondary issue: a rise in cybercrime targeting mobile devices at work.
Here, we take a look at how mobile services have become a major cybersecurity risk for businesses, and at some effective tools to help solve these issues and safeguard your company’s private data.
Use of mobile devices for business
Mobile devices were once considered a no-no in the workplace, but over recent years they have become extremely common in the work environment. In fact, 87% of companies say that they expect staff to use personal devices for work purposes.
There are significant positives from this perspective too, as 75% of employees say that using their smartphone makes them more productive at work. It can be easy to understand how this can feel like a win-win scenario. Companies want them to be used, and employees want to use them. However, businesses need to be aware of the greater exposure to cybersecurity attacks this presents – an important fact that is often overlooked.
Mobiles need protective measures
Employees who use computers at work are generally protected by a range of cybersecurity measures. Smaller businesses and those that are less security-oriented will almost always still have measures such as a firewall and anti-virus software running across all the machines in the system. Larger and more advanced businesses might also have cybersecurity software for their computer systems, such as security information and event management (SIEM) and managed detection and response (MDR).
However, what these services all have in common is that they do not provide protection for personal devices, smartphones or regular mobile internet use, which must also be a consideration. Remember, smartphones that are not considered a part of the company IT infrastructure may still be able to access and leak sensitive company information, but they lack these powerful cybersecurity measures to keep them safe.
What your business can do: It may be the case that your business simply hasn’t caught up to the fact that more workers are using mobile devices and a variety of endpoints. It is important to create a mobile device policy and establish a formal code of conduct so that staff understand and are fully aware of the current cyber threats and their company’s vulnerabilities.
Staff need to take responsibility for their own mobile phone cybersecurity. Teach them how to keep devices secure by using strong passwords and antivirus software, for example, as well as taking precautions if they are working in public places and surfing between work and home networks.
Mobile malware attacks are on the increase
Once something becomes common, you can be sure that cybercriminals will look for ways to exploit it. This has certainly been the case with regard to the use of mobile devices within a business setting.
A recent report revealed that mobile malware attacks rose by 15% in 2020, and given that this number has been growing for a number of years, this represents a serious problem. Malware – once something we only generally worried about in computers – has become increasingly common on mobiles.
Malware can be extremely troublesome, not least because it can actually stay on a device for a very long time without being noticed. This means that cybercriminals can breach a system and steal data for a significant period after malware has been implanted on the device.
What your business can do: When it comes to malware, by far the most common factor leading to a cyber attack is human error. As such, businesses need to provide high-quality cybersecurity training sessions to staff. Make sure that these sessions are regularly updated.
Reduce the risk of working from home
As a result of the Covid-19 pandemic, there has been a huge rise in the number of people working from home. That’s been very good news from a number of perspectives: productivity and staff morale have gone in a positive direction. But from a cybersecurity perspective, home working is something of a challenge.
“With remote working the new norm, it’s easy to slip into bad habits,” says Juliette Hudson, Senior SOC Analyst at Redscan, “however, with cybersecurity risks being greater than ever and remote workers lacking office protections, it’s important to maintain a high, if not higher standard, of security awareness.”
It is common for private computers to have reasonable cybersecurity measures, but relatively rare for mobile devices. This means that if more people are working at home and using mobile devices, they are potentially causing cybersecurity issues for the business they work for.
What your business can do: Look out for the issue of shadow IT. Shadow IT refers to apps and software that are used on devices without the IT team knowing about it. Typically, the IT team will check and approve all applications and software being used by staff. But if these applications are on mobile devices that the IT team does not have access to, it can lead to corrupted software or applications with known vulnerabilities being used inadvertently. These can be exploited by cybercriminals.
Endpoints are a major target
While businesses can be targeted in many different ways, there has been a significant rise in the specific targeting of endpoints. If cybercriminals are able to gain access to an endpoint – such as a mobile device – they can get into the system as a whole.
Many businesses are still not putting the right level of effort and investment into this.
What your business can do: It’s a great idea to limit access. In the past it may have been acceptable for all members of staff to have full access to company data via their logins. But in an era where we need to be more careful, it makes sense to limit staff members so that they only have access to the data they need to do their job.
This way, if a mobile device is compromised, it alone will not give a cybercriminal complete access to the company files.
Mobile devices have an important role to play for businesses – they are liked by employees, and it is clear that they have naturally become important to how companies operate. But as they pose a cybersecurity risk, more has to be done to integrate a more holistic cybersecurity policy that puts a greater emphasis on ensuring mobile devices are secured in the same way as other machines utilizing the system.