Mobile security threats are now more pressing than ever before. Everyone has a mobile device at work, so how can enterprises ensure they remain secure? Most companies have a security infrastructure for on-premise servers, networks, and endpoints, yet 83% of enterprises are complacent about mobile security. Smartphones have become prevalent within enterprises in recent years making them an appealing target for cyber criminals.

Nearly all employees routinely access corporate data from the palm of their hands. Meaning keeping sensitive data out of a hacker’s hands is a continuous battle. As a result, organizations are finding it challenging to maintain control over networks that employees use to interact with a wide range of sensitive data. Employees are working on mobile devices everywhere, and those devices are using apps 87% of the time. Along with interacting with Wi-Fi networks and cloud services that are beyond organizational reach. Thus, it has become crucial to ensure users and enterprise data are secure by introducing a mobile management implementation to manage activity.

How big is the problem?

Verizon Mobile Security Index 2018 Report highlighted the risks of mobile use within organizations. 600 professionals were interviewed and involved in procuring and managing mobile devices for their organizations. The findings have suggested that over a quarter of organizations had suffered a mobile security incident that had resulted in data loss or downtime in the last year. Many described as major, with lasting repercussions. Bigger companies were more likely to have suffered from an incident. When customers, suppliers and competitors were asked if they had experienced data loss, 62% agreed. It is no surprise that 93% of those interviewed thought that organizations should be taking mobile security more seriously.

Organizations are failing to take precautions

79% of enterprises consider their employees to be the most significant security threat. The threat behind employees using mobile devices, is the ability to access financial or personal information under insecure circumstances.  Employees are capable of exposing themselves unknowingly to malicious insecure networks.  Networks such as public Wi-Fi, downloaded unapproved apps from the internet, set access restrictions, weak passwords or even not setting a lock-screen pin, all pose threats.

32% of enterprises have sacrificed security for expediency and business performance leading to 45% of them suffering data loss or downtime. During the past year their companies had experienced a security incident resulting in data loss and system downtime. Here mobile devices played a key role. Simply because implementations were not followed. Compliance factors such as changing default passwords, authentication on mobile devices, not having a policy for the use of public Wi-Fi, and not restricting which apps employees download from the internet were all considered problematic.

Mobile Security Threats

Source: Verizon Mobile Security Index Report 2018

89% of enterprises are relying on just a single security practice to keep their mobile network safe. Majority of enterprises are relying on just one security practice to protect their networks. Most do not consider that multiple security practices are extremely necessary. Such as, default password changes, and encryption of the transmission of sensitive data across open, public networks.

Mobile Security Threats

Source: Verizon Mobile Security Index Report 2018

Just 49% of enterprises have a policy regarding the use of public wifi, and even fewer encrypt the transmission of sensitive data across open, public networks. 71% of respondents use public Wi-Fi networks for work tasks, despite their companies prohibiting use. Also, nearly 1 in 3 of enterprises are taking these risks for convenience and business performance.

Mobile Security Threats

Source: Verizon Mobile Security Index Report 2018

Cyber criminals are not always particular about who they are targeting. Rather, if they can gain monetary funds from it. Appealing personal information can be used to commit identity theft or gain access to accounts on other systems. Payment card data and bank account information can also give a direct route to money. Yet, many fail to take simple security precautions into consideration.

Mobile security threats to be aware of:

  • Data leakage – result of user error. It can be a result from transferring company files onto a public cloud, posting confidential info in the wrong place, or forwarding an email to an unintended recipient. Users typically make questionable decisions about which apps are able to see and transfer their information. Data loss prevention (DLP) tools are the most effective form of protection for this.
  • Social engineering – 90% of data breaches are a result of phishing and users are more vulnerable to phishing from mobile devices than from desktops. Individuals who have fallen for phishing attacks are more likely to be phished again. Due to the rise of BYOD (bring your own device) work environments, there is no line between work and personal activity. Employees view multiple inboxes that are connected to a combination of work and personal accounts. This draws a huge concern for enterprises.
  • Wi-Fi interference – a mobile device is only as secure as the network through which it is transmitting data. When a connection is made to an open and insecure network, many attacks can occur.
  • Out-of-date devices – smartphones, tablets and small connected devices pose a threat to enterprise security because they don’t always come with guarantees of timely and ongoing software updates. Specifically, for those who have Androids. Having a policy is important.
  • Physical device data breaches – a lost, or stolen device becomes an extreme threat, especially if it does not have password and full data encryption.

That being said, it is crucial that enterprises focus on elevating their mobile security structure and provide employees with knowledge about their usage.  Leaving the responsibility in users’ hands is not enough. Rather than making assumptions, make policies. Make sure that your business is secure and protected, you will certainly thank yourself later.

Mobile Security Threats

How to protect yourself against mobile security threats and take control

Despite the risks, companies are not taking the proper steps to help them manage mobile devices and people securely. Mobile security threats are evolving, having the proper training is highly recommended and should happen more consistently.

Take control by incorporating Enterprise Mobile Management (EMM). This is the ideal way to decrease enterprise risk caused by takeover of mobile endpoints that touch the corporate network. Partition is needed so that it can be regarded as being ‘owned’ by the business and can then be deleted should the device be stolen or lost, or when an employee leaves the organization. This is the ideal way to decrease enterprise risk.

Deploy mobile security in the enterprise by having control over mobile devices, even if they are personal ones. Mobile devices can easily become exposed to risks and security threats due to non-compliant apps that leak data and vulnerabilities in device operating systems. Therefore, creating device partitions becomes of utmost importance.

Having a mobile security threats strategy is beneficial for the devices and for protecting corporate data, applications and users. Departments must be involved in assessing where information is kept in order to stop information form going missing or becoming compromised. Enterprises should instill procedures and policies that consider mobile access limits. As well as data limitations and password practices, especially for those who use their personal devices for work. It only takes one device or mistake to take down an entire network. Businesses need to have a solution in place which can prevent this from happening and ensure employees are practicing strong security hygiene.

While threats evolve, it is imperative that enterprises comply with the current trends of hackers. Cyber criminals require organizations to move more strategically towards an approach that focuses on detecting and responding to mobile attacks. Devices that put businesses at risk need to protect corporate networks regardless of the use of personal devices.Take the time to encourage your employees to take cautious measures when using their personal mobile phones for work related initiatives. Compliance and understanding of employees are needed as well as endpoint security solutions.