Today’s smartphones and tablets are practically mobile computers, so it’s no wonder they’re increasingly being used in business as handier alternatives to laptops and desktops. Cybercriminals know this. In Q1 2021, cybersecurity giant Kaspersky noted over 1.4 million mobile malware installers, although this figure went down to 886,105 by Q2 2021.
But malware is just one of several security threats to mobile users today. Here are five of the most common mobile security risks and how to prevent them from endangering your business.
Mobile malware
Smartphones and tablets can be infected by viruses, Trojans, and other types of malicious software. These programs can do many things, such as disrupt key functionalities, delete files, or enable cybercriminals to access and steal the data stored in the infected mobile device.
As per the above report from Kaspersky, the most common mobile malware detected in Q2 2021 were riskware and adware. Riskware isn’t necessarily dangerous on its own, but it can terminate processes in your device and enable potentially dangerous applications to remain undetectable. Adware, on the other hand, automatically generates advertisements that may lead to malware-laden webpages.
Threat actors develop malware and disseminate these software via methods like phishing and malicious ads. Once malware infects devices, the bad software spreads like contagion when they come into contact with other computers, mobile devices, and storage media. To prevent your device from getting infected, avoid the following practices:
- Downloading files from unknown or untrustworthy sources
- Clicking on online ads or on links in spam or suspicious emails
- Using unvetted storage media like flash drives and memory cards
Equip your mobile devices with anti-malware software, as this will detect and isolate dangerous programs before they can wreak havoc. Finally, make sure to install only applications from official app stores like Google Play Store and Apple App Store, as some innocuous-looking apps on third-party websites may actually be harboring malware.
In Q1 2021, cybersecurity giant Kaspersky noted over 1.4 million mobile malware installers.
Social engineering
This refers to tactics that cybercriminals use to trick victims into divulging sensitive information, downloading malware, or transferring money to fraudulent bank accounts. Social engineering covers crimes like phishing, smishing, and business email compromise (BEC) attacks.
You can equip your mobile devices with email filters to reduce the risk of spam and phishing emails reaching your inbox, especially if they contain malware. However, filters can do little to counter more sophisticated attacks like BEC, as these look like legitimate messages and do not contain dangerous links or software.
Because of this, the best way to combat social engineering attacks is to educate your staff on how to recognize fake from legitimate messages. Also, require employees to verify any request for money or information by contacting the sender through a phone call or any method other than email or SMS.
Unsecured Wi-Fi
Mobile devices allow users to work anytime and anywhere, but this can work against your company if your employees connect to unsecured public Wi-Fi networks, such as those in cafes, libraries, and airports. Public Wi-Fi networks are problematic for the following reasons:
- Cybercriminals can hack into them and steal business data coming to and from your staff’s mobile devices.
- The data in public Wi-Fi networks are seldom encrypted, making it much easier for crooks to steal them.
- Cybercriminals can set up authentic-looking Wi-Fi networks that are actually traps designed to steal sensitive data.
Discourage your staff from connecting to public Wi-Fi as much as possible. If they really must, though, encourage them to visit only websites that start with HTTPS and not HTTP. The HTTPS extension means any data exchanged between the website and your employees’ devices are encrypted and secured.
If your company can afford it, provide your staff with a mobile data allowance so they don’t have to connect to public networks when working outside the office. Finally, equip your employees’ mobile devices with a virtual private network solution to reduce the risk of crooks intercepting valuable company data.
Weak passwords
Poor password habits make your company susceptible to data beaches and theft. These habits include:
- Using weak and predictable passwords, such as “password1234” or the user’s name
- Assigning a single password to multiple online accounts
- Reusing passwords from old online accounts for new ones
- Writing down password reminders in easy-to-find notebooks, memo pads, and text files
Remind your staff to always follow password best practices, such as crafting lengthy, unique, and complex passwords. Alternatively, you can utilize a password manager, which allows users to generate and store strong passwords for any online account. With this app, users have to memorize just a single master password instead of multiple login credentials.
Another handy solution to this issue is to enable multifactor authentication (MFA), which requires users to present multiple proofs of identity before they can log into an account. Different types of proof could be something users have (e.g., a physical security key), something they know (e.g., security answer), or something they are (e.g., biometric data).
Lost or stolen devices
Because mobile devices are portable, they are also extremely easy to lose or get stolen. Once the device is in the hands of a malicious third party, it’s possible for data stored inside to be extracted, putting your company at risk of a data breach.
To prevent this, set up the device with a mobile device management (MDM) solution. MDM gives you control over how your business’s data is accessed and used in the mobile device. Should the device be lost or stolen, your MDM solution may track the device’s location or erase all business data inside it.
Furthermore, you can use encryption solutions to scramble sensitive data on a company-registered mobile device. Even if the device were stolen, unauthorized users won’t be able to access any data stored within without a decryption key.
Mobile security threats pose serious risks, but you can take steps to protect your staff and your company from them. Our cybersecurity specialists at Quicktech can set your company up with the latest and strongest mobile security solutions available today. Read about the cybersecurity solutions you need for your business by downloading this free eBook.