Security Threats to Mobile Devices and Countermeasures to Fix Them

by

April 29, 2022

Here’s How to Keep Your Employee’s Mobile Phones Safe

In today’s increasingly mobile work world, mobile phones have become a requirement. Most companies have accepted that employees will be using their own personal devices to access company emails, read/respond to critical company files, and even attend video conferences. But has your organization truly addressed security challenges in mobile devices?

The challenges may be bigger than you realize. In fact, in a recent nationwide survey of companies by Verizon, 71 percent of IT managers said that mobile devices were critical to their business, yet 3/5ths of said mobile threats are rising, and their biggest current cybersecurity threat. They’re not wrong. Security firm Check Point released a Mobile Security report in 2021 that estimated four out of every ten mobile phones are inherently vulnerable to cyberattacks. According to their analysis, no company has been immune. The report estimates that 97 percent of organizations worldwide faced sophisticated, multi-layered cyberattacks. Forty-six percent of those companies reported at least one employee downloaded a malicious phone app.

The numbers are pretty daunting. But luckily, both the security threats to mobile devices and countermeasures to defeat them have gotten more sophisticated. That means there are better and simpler tools available to mitigate the threats. But first, let’s talk about the ways that cyber thieves can create security challenges in mobile devices.

Security Challenges in Mobile Devices: Common Threats

Cellular devices are easy to carry and easy to use. Cyber criminals often have more success on these smaller screens, where spoofs are harder to spot. Additionally, it is more dangerous to log your company network using a mobile device. When an employee is out of the office, the protective bubble of your on-site cybersecurity isn’t available.

While there are many ways to breach a mobile device, most incursions tend to stem from these key threats:

Malicious Hotspots:

Here, a criminal can set up a “free” public hotspot. Sometimes, users are asked to sign with passwords or personal information to get access. Then, thieves can monitor keystrokes until an employee types in more sensitive information. It’s a terrible and terribly effective criminal technique.

Man-in-the-Middle Attacks:

In this type of attack, cyber criminals interrupt the flow of data coming off your mobile device, and use it to monitor your network or hack into your data.

Shadow IT:

What’s this, you ask? It’s when your employees use unapproved apps to communicate with staff members, or store/create company files. When business is being conducted, this opens your company up to risk. If the platforms they’re using get hacked, or the wrong person gets their password, your data can be compromised.

Phishing/Spoofing:

These spam texts and emails are designed to look like they come from a co-worker or trusted source. On a smaller screen, it can be easy to mistake these attacks are real messages.

Stolen Devices:

A missing device is the ultimate risk for your company. When a device is stolen everything from an employee’s contacts, to their emails, to their documents could be sold to the highest bidder.

So, as you can see, there are plenty of security challenges in mobile devices to worry about. But, with security threats to mobile devices, countermeasures can be taken to address them directly. Let’s talk about some of the most common ones.

Security Threats to Mobile Devices and Countermeasures to Address Them:

If your company allows employees to access company network assets like documents, screen calls and communication channels, it’s important to have a Bring Your Own Device Policy in place. This written policy has two big benefits to the company: clarification of your IT strategy, and a framework for employee cybersecurity training around their devices. A good BYOD policy will help your organization focus its efforts and budget around key mobile protections, and will set an enforceable standard of conduct on employee devices that will keep them safe.

The trick is finding the right balance between allowing your employees the freedom to use their phones personally, while giving them the tools they need to be to safely access their work assets on the fly. While there are many mobile cybersecurity tools that are available, here are the key tools & techniques that we recommend most often:

Ban Storage of Company Documents in Non-Sanctioned Cloud Storage

You’re taking a document on home with you to work on over the weekend. Or maybe you’re trying to send a company document to an important vendor for review. In cases like these, it can be tempting to just import the document into a app like Google Docs or Box to make the process of accessing and working on a file easier. Behavior like this can seem benign, and it often is. But in reality, anything that takes your work files out of your encrypted network is a risk. We encourage most companies to have cloud-based backup systems off site. Train your employees to store their documents in a central location that’s protected by the company. Then, they’ll be well on their way to addressing security challenges in mobile devices.

Discourage the Use of Communications Apps Outside the Company’s Network

Of course, employees can use any communications tool they please for their own personal use. It’s okay for them to use from Facebook Messenger, to WhatsApp, SnapChat, Slack, and more. But if they’re  conversing with co-workers or clients about company business, train them to always use platforms like Microsoft Teams, or other apps requiring two factor authentication. This will ensure that their conversations are always encrypted, password protected, and stored in the company’s logs. They can be both backed up, and accessed later.

Encourage Employees to Leave Wi-Fi Off When Away From the Office or Home

As we’ve mentioned, public wi-fi is one of the biggest ways a hacker can get access to your phone. Stop this in its tracks by asking employees to set their wi-fi setting to “off” when they are outside the password-protected networks of their home or office. Or, if they’ve got unlimited data, encourage them to leave wi-fi off all the time.

“Containerize” Company Traffic on Personal Cell Phones

Many security challenges in mobile devices can be diverted by creating “containerized” channels of communications that can rest on your employee’s personal phone. It’s simply a fancy way of walling off your company’s apps and data from the rest of their personal activity. While the strategy for tackling this is different depending on the nature of your network and needs, you can create this “walled garden” type approach by:

  • Installing zero trust enabled apps. Cloud apps like Microsoft Windows 365 require a sign on to access. The app continuously verifies employee identity throughout their time on the app.
  • Requiring a minimum of two-factor authentication to enter your company’s network through a mobile device. Two-factor authentication requires a password plus an additional form of ID, like a log in on a separate security app, or a fingerprint scan, or a code. With it, employee passwords are safe from all the intermediaries who might steal their credentials.
  • Get a Mobile Device Management System (MDM).  Mobile Device Management doesn’t necessarily have to “manage” and entire employee’s phone. It can compartmentalize and manage only those apps that connect to the company network. It’s the best of both worlds.
  • Install a Virtual Private Network (VPN) This service encrypts company data while in transi. It is considered key, whether an employee is using their company issued computer, or signing onto the company network through a phone or tablet. A VPN is standard, and one of the best ways to address security challenges to mobile devices.

Security Threats to Mobile Devices and Countermeasures to Defeat Them: Next Steps

If you’re interested in improving the cybersecurity posture of your employee’s mobile devices, you’ve got plenty of defensive tools at hand. In addition to the strategies we’ve mentioned above, there’s extensive employee training programs that can teach your employees the finer points of mobile device cybersecurity. A good managed IT service provider can help you set up the right MDM systems. Experienced IT consultants can address security threats to mobile devices and countermeasures to address them. Interested in finding out how? Contact us today for a free consultation!

 

Susan Gosselin is a Solutions Writer for Integris. A career communicator and business journalist, she's written extensively on IT topics and trends for IT service providers like Iconic IT and ProCoders Ukraine, as well as business publications such as Technologyadvice.com, Datamation.com, The Lane Report and many others. Connect with her on LinkedIn.

Keep reading

The Futility of Firewalls

The Futility of Firewalls

You've been with her for ten years. Trips to the beach and making a mess while enjoying every moment, depressing runs to the grocery store because you forgot to buy bread, making it late to your friend's cookout. You've traveled great distances with her, and while not...

How to Develop a Network Security Policy

How to Develop a Network Security Policy

Developing a network security policy begins with establishing guidelines for creating, reviewing, revising, and retaining your information security policies and procedures. Since information is accessed and stored on your network, information security policy and...