Mobile devices are now a staple of the workplace, as ubiquitous as open floor plans and videoconferencing. Enabling employees to work from their mobile devices can even boost satisfaction, productivity, creativity, loyalty, and engagement. That’s quite a list of benefits.
However, embracing these upsides also requires paying attention to the downside: mobile threats. Given the sheer volume and value of sensitive data on employee devices, mobile security needs to be an IT priority. Every time an employee accesses corporate data from a smartphone, they can put the entire network at risk—unless proper security measures are in place.
To unlock the full potential of workplace mobility, IT pros need to understand the biggest mobile threats. Here’s an overview of the top five hazards you should be on the lookout for in 2018 and beyond.
1. Unintentional data leaks
As defined by PCMag, data leakage is “the unauthorized transfer of classified information from a computer or data centre to the outside world.” There are any number of paths through which this transfer can take place, from security gaps in record systems or the misuse of data by a third party (such as an ad platform) to something as simple as an accidentally forwarded email.
Although there are definitely exceptions, data leakage is generally unintentional—the result of employees who don’t realize data seeps out when it flows between, say, a mobile device and an accounting system. IT can minimize the risk of data leakage by creating a map that identifies sensitive data, tracks where it flows, and explains why. This map can provide invaluable insight into potential risks and vulnerabilities.
It’s also a good idea to continuously monitor data usage for anomalous activities, such as internal threats from malicious or rogue users and the usage of stolen credentials. To keep these threats at bay, you should deploy safeguards, such as encryption, access controls, data masking, and quarantines.
2. Vicious phishing attacks
No one likes to think they’d fall prey to a phishing scheme, but phishing today doesn’t look anything like it did 10 or even 5 years ago. Fraudsters have gotten more sophisticated, thanks in part to the wealth of information available across social media.
Verizon’s 2017 Data Breach Investigations Report found that “1 in 14 users were tricked into following a link or opening an attachment,” while the latest statistics from Canada’s Department of Public Safety and Emergency Preparedness estimate that 156 million phishing emails are sent every day, of which 80,000 are successful in their mission to pry information or money from an unsuspecting clicker.
Mobile devices make organizations even more vulnerable, as mobile phishing techniques vary widely from the typical email phishing most users are trained to recognize. A report from Wandera discovered that 81 percent of mobile phishing attacks take place outside of email, with 26 percent of these attacks distributed via gaming apps.
Education is key to mitigating mobile threats. Even the strongest mobile security prevention measures in the world will be powerless once an employee has clicked on something they shouldn’t have. Training on identifying phishing attempts should be ongoing and include a practical component. As certain users tend to be repeat offenders, you should consider conducting test phishing attempts to identify employees who may need extra coaching. There are also a few technical solutions on the market that can flag suspicious messages.
3. Insecure Wi-Fi connection
When using mobile devices for work purposes, employees are often out of the office, which means they’re likely to connect to a Wi-Fi network that may not be secure. These connections are a prime opportunity for hackers to intercept traffic and steal valuable information.
In crafting a mobile security prevention strategy, IT teams need to account for employee use of open and unsecured networks by encrypting all traffic through a VPN. VPNs funnel traffic through a secure network that’s difficult for a third party to monitor. Just make sure to avoid a VPN that doesn’t actually encrypt traffic or, even worse, logs the activity.
4. Outdated devices
Security vulnerabilities often get addressed through software updates. These updates can include important patches for security holes that, when ignored, leave the door wide open to hackers. It may be annoying to see those little red circles asking you to download an update and restart, but devices that aren’t updated regularly can pose a serious threat.
Part of ensuring devices are up to date is making sure you use devices that receive updates regularly. In a recent Android Upgrade Report Card in Computerworld, all Android manufacturers except Google received a C+ or worse. On top of that, many IoT devices aren’t designed with a patching mechanism at all. You need to do what you can to ensure all devices used for work are updated in a timely, reliable, and consistent manner.
5. Endpoints flying under the radar
Mobile devices aren’t the only endpoints that pose a risk—endpoints connected to those mobile devices are indirectly at risk of being infected by mobile threats, too. Take printers, for example. Few people suspect printers of being security threats, but they’re no longer the isolated machines they used to be. Instead, they’re connected to every other endpoint in your office. If someone uses an infected mobile device and prints on an unsecured printer, it could lead to a major breach that puts the entire network at risk.
The best approach is to adopt solutions for mobile printing that offer security without compromising convenience. Consider using server-based mobile printing that integrates with secure print authentication policies and wireless printing that allows for mobile printing independent of the company network.
Mobility and BYOD have continued to grow riskier over the years, but this year’s top mobile threats likely won’t come as a shock. By being aware of these hazards and preparing for the worst, you can prevent these five risks from punching a hole in your company’s security infrastructure this year and in the future.