It used to be the case that companies only needed to worry about securing their office's four walls. Back in those days, employees worked on computers that were bound to their desks. The only way for a cybercriminal to launch an attack was to somehow get into the company network.
Today, though, it's a different story. We're in the age of cloud-based, distributed, remote working. Employees now work on their laptops and phones, and many feel empowered to work wherever they please: their homes, public libraries, coffee shops and even airports.
This new way of working is superb for productivity. Your employees no longer have to be physically in the office to answer client requests and do their work. However, remote and mobile working also brings a host of new security risks. Wherever your employees work, they're taking your sensitive data with them.
If their mobile devices are stolen or compromised while out and about, this could spell trouble for your company in the form of a data breach. With the average data breach costing Australian companies a huge $3.35 million per breach, securing employees' mobile phones needs to be imperative.
The most common mobile security threats
You can't secure what you don't know about, so the first step in any mobile security strategy is to gain a deeper understanding of the threat landscape. With that in mind, here are the threats you need to know about that are impacting mobile devices.
Man in the middle attacks
When your employees work while out and about, they'll probably connect to public WiFi spots - the kind you find in cafes and restaurants. These WiFi spots enable your employees to save their mobile data, but public WiFi is infamous for being poorly secured.
Hackers have been known to corrupt public WiFi spots and use them as a basis for man in the middle attacks. In these attacks, hackers compromise a public WiFi spot and then collect the data from devices connected to it. This data will often include sensitive information like passwords, financial details and even intellectual property.
Another way hackers target mobile phones is through creating fake, malicious applications that masquerade as real ones on popular app stores. These counterfeit apps will often imitate apps from well-known brands to trick victims into downloading them. Once downloaded, these apps will either launch spyware or ransomware on the victim's device.
Malicious apps are a huge problem today, and research indicates that around 24,000 malicious mobile apps are blocked every day.
Fake WiFi spots
As well as breaking into WiFi spots, hackers often create their own fraudulent ones and launch them in high-traffic places. These WiFi spots will have similar names to WiFi spots people would expect to find in the area. For example, if a hacker deploys a WiFi spot near a Starbucks, they might call it "Starbuckss" to lure users in.
Unlike traditional WiFi spots, these malicious imitations steal users' sensitive data. This data can then be used to launch social engineering attacks like phishing or even sold directly on the dark web.
How to protect your employees from mobile security threats
Your approach to mobile device security will depend on whether your employees use company-owned phones or access corporate resources from their own devices.
We advise deploying a mobile device management (MDM) solution on your corporate-owned devices in the first instance. MDM works by giving you deeper visibility and control over how your employees use their mobile phones. You can, for example, block them from using suspicious applications and WiFI spots. This can help to combat a range of security threats.
If your employees use their own phones for work purposes, MDM may not be feasible. This is because MDM gives you unrestricted access to how employees use their phones, which could inhibit their privacy if the devices are personal.
An alternative is to conduct thorough employee training, highlighting the risks of using public WiFi spots and downloading malicious apps. You can back up this training with corporate policies that instruct employees on what they can and can't do when using their phones for work purposes.
We advise working with a managed service provider for all of these cases, who can manage your mobile security strategy for you. At NetCare, our experts can help you deploy MDM, conduct employee security training and even manage your security from end-to-end, so you don't have to worry about mobile security threats!
Schedule a Mobile Security & Compliance Review Today
The security implications of mobile work are still a new concept to many Australian businesses. Don't leave your security and compliance to chance. NetCare can do a total mobile security review to let you know where you stand.
Contact us today to learn more. Call (02) 9114 9920 or reach out online.