The use of mobile devices among all industries (healthcare, financial, education, oil & gas, etc.) has skyrocketed over the past few years. Security firm Kaspersky Lab found that 62% of business owners use personal mobile devices for work and 92% of them store sensitive company data on devices that are used for both personal and work purposes.
Mobile devices certainly have their perks. They allow employees to work from anywhere and you can fill out information on a form on the fly. For example, a doctor’s office might use tablets instead of paperwork to take notes during a patient’s visit. This can save a ton of time and energy. Some companies even take payments solely through a mobile device rather than a Point-of-Sale system. This can save companies a lot of money. Overall, mobile devices allow businesses to work more efficiently without the hassle of paperwork.
However, there is a downside to the widespread use of phones and tablets in the workplace. Many people believe that mobile devices are somehow less vulnerable to malware, viruses, and hackers. This couldn’t be further from the truth. In fact, according to McAfee security firm, malware aimed at Android devices has increased by 76% over the past few months. Hackers are interested in mobile devices because they often contain sensitive data like customer information, company secrets, and credit card information. This kind of data is valuable to hackers because they can sell it for premium prices on the dark web.
Mobile devices can actually be less secure than computers. This is because they aren’t protected by things like firewalls or antivirus software. Your mobile device can become infected in a variety of ways:
Downloading malicious apps
Not all apps are safe to download. While apps in the official app store are usually safe (not always) others that you download can contain malware and spyware. The spyware can be used to log your keystrokes and steal passwords. This allows criminals to not only steal information on your mobile device but also from any account that they stole login credentials for. It’s important to carefully vet which apps you download and have policies in place so employees know what they can download. Better yet, don’t allow employees to download new apps unless approved.
Opening malicious emails
More than likely, employees will be using the mobile device to check their work email. As you might know, many malware infections occur as a result of downloaded email attachments. Malware can even be installed just by clicking on a link in an email and being taken to a webpage. The webpage instantly downloads the malware and installs it on your phone. Be careful and be vigilant when receiving emails - even from sources that appear to be known. Hackers now can spoof email addresses so it appears like the email is coming from your boss.
Using unsecured public wireless internet
Always be careful when connecting to public Wi-Fi, even when using a computer. Hackers have the ability to intercept your connection and see what’s on your computer if they want to. You also allow yourself to be more vulnerable to man in the middle attacks. For both mobile devices and computers, never access sensitive data or accounts (like your bank account) when connected to public wireless. You are better off using a virtual private network (VPN) or just using cell phone service.
Text message phishing scams
Scams occur when you receive a text message from an apparently legitimate source asking for your personal information. For example, you might get a text from “Apple” asking for information about your device. Hackers can use the information that you give them to install malware on your phone or to just get credit card information or social security numbers. Never give out sensitive information via text message.
To reap the benefits of using mobile devices at your organization or business while still maintaining security, you should:
- Never jailbreak your phone. This damages the built in security of a phone or tablet.
- Use a virtual private network. This will allow you to securely use your device while on public wireless.
- Encrypt data and messages. You can use a messaging app such as WhatsApp to send secure, encrypted text messages.
- Always update hardware and software to modern versions. Companies release security patches with updates to cover known vulnerabilities in devices.
- Have policies and procedures in place. Your mobile device security strategy should be a part of your Information Security Policy.
- Train your employees about acceptable use of mobile devices and educate them about your policies.
- Only download apps from the official app store of your device.
- Install antivirus software on your devices.