Many workers routinely access corporate data from mobile devices thanks to the rise of remote working and our increasing reliance on these devices. However, the focus on mobile security can get lost as most organizations tend to focus on securing their servers and desktop computers. Threat actors are always expanding their range of attacks and security threats against mobile devices are increasing. A recent study from Check Point found that mobile banking malware has increased over 50% this year. As more organizations use mobile devices for work there are an increasing number of mobile security threats to consider.
Source: Check Point
4 Types of Mobile Security Threats
1. Data Leakage
Data leakage is when unauthorized parties gain access to corporate data. Data leakage is a serious issue as it can affect compliance and cause serious damage to organizations. Data leakage can occur through various ways, such as transmitting data using public WiFi or allowing a risky app access to your device.
Spyware infects mobile devices for the purpose of spying on a user’s activity through the device’s camera, microphone or GPS location. Spyware infects devices through malicious links via email or SMS. Spyware apps can also be found in mobile app stores and are often marketed to keep track of children, employees or partners. Devices that are infected with spyware can have stored images and videos accessed by unauthorized parties, have phone calls eavesdropped or recorded and/or have the device activity monitored by others.
Users jailbreak phones in order to gain more control over the device and add customizations. Jailbreaking allows direct access to capabilities that are normally locked such as file systems and the user interface design. Users can also install unauthorized third-party apps by jailbreaking their phone. Jailbreaking is risky because it removes the security restrictions on your device and can give malicious actors direct root access to your device.
4. Insecure and Fake apps
Apps are vital to our mobile devices but not all mobile apps are safe. Some apps don’t have proper security protocols installed, leaving the data you have in the app vulnerable. Some apps may also require permissions to access your personal data.
Fake apps are designed to look like legitimate apps in order to trick users into downloading them. The purpose of these apps is to steal data like financial accounts, passwords and more. It’s important to ensure that you only install authorized apps onto your mobile device.
4 Ways to Protect Against Mobile Security Threats
1. Update your software
Failing to update your mobile device will leave it vulnerable to unpatched vulnerabilities. All apps and operating systems should consistently be updated. Check your settings to see if you can turn on automatic updates or set a reminder once a week to manually check if your apps/OS needs to be updated.
2. Employ mobile security
Mobile devices are easy to lose which is why using basic mobile security like implementing a good passcode for your lock screen is important. Most mobile devices don’t come with additional security to protect against evolving threats. Installing endpoint security and a firewall for your device will provide advanced security to help protect devices.
3. Create and enforce a corporate mobile policy
The first step in managing mobile security is to have a mobile device policy in place. Your policy should cover acceptable use of mobile devices, such as the types of apps allowed for work, how to upload and access documents and how to report stolen devices. Each employee should have a copy of the policy for reference and sign it before using a corporate mobile device. Penalties (such as fines or warnings) should be in place for those that fail to adhere to the policy.
4. Read the end user agreement
Before you install an app, it’s important to make sure you review the terms and conditions. It’s important to understand what permissions you’re giving developers when you use their apps.