4 Ways Mobile Phones are Being Hacked and Tips to Avoid Them
Lindsey Donato, PMP, CISA
As offices and businesses around the world transition to mere mobile employee “pit stops,” the need for mobile devices at work keeps growing. We check email from the local coffee shop and have access to MS-Office products in the palm of our hands. Our phones are no longer only for making calls; they’ve evolved into our hand-held personal computers. With this comes the storing of sensitive data so it's easily available to us: emails, calendars, contact information, passwords, payment data, etc. While these features are great for the traveling or telecommuting employee, they are also attractive to hackers.
Here are 4 ways phones are being attacked and some quick tips for how to avoid them:
Cyber Risk 1: Actual theft
This seems like a “no-brainer,” but it’s worth noting. It’s much easier for a criminal to walk off with a phone than it is to unplug, disconnect and take off with your desktop computer or even your laptop. A cell phone can store large amounts of data, personal information, payment card data, passwords, etc., making it a conveniently packaged target for a thief to grab.
Prevention Tip: Be sure you have, at a minimum, an enforced password policy on all phones used by employees within your organization. Try for something more complicated than 1-2-3-4 or 0-0-0-0. Even better, consider implementing mobile device management (MDM) software that will allow the IT Department to remotely lock, wipe and protect any missing devices belonging to your organization. Have a policy in place that requires users to notify IT immediately if they have misplaced or lost the device.
Cyber Risk 2: Apps
Not every software application, or app, you download is secure. Remember that anyone can develop a mobile app, and apps aren’t always fully evaluated for their safety. An employee may download a news app that seems legitimate but is actually giving thieves access to his/her mobile device data. And to make matters worse, if one phone is compromised on your wireless network, a hacker may now be able to breach the organization’s perimeter and directly attack other devices on the network using the infected phone as a gateway.
If the phone has been “jailbroken,” or had the operating system altered in order to install programs or run software, it is even more susceptible to hacking via app downloads.
Prevention Tip: Make sure your employees are not using jailbroken or “rooted” phones at work and consider disabling the ability to download apps (if the phone is company owned). If devices are personally owned, encourage users to do a little research before downloading each and every app that comes out.
Cyber Risk 3: Software Vulnerabilities
Smartphones are not exempt from vulnerabilities and attacks. Mobile software platforms have been exploited for years in order to crash phone software, eavesdrop and conduct cyberattacks. Some attacks are triggered via malicious links that exploit web browser vulnerabilities.
Prevention Tip: If your employees are using mobile devices for work (whether they are personally owned or property of your company), make sure that the software is up-to-date on security patches. Disable interfaces that aren’t necessary for use at work – Wi-Fi, Infrared, and Bluetooth. Attackers can exploit vulnerabilities in software that uses these interfaces.
Cyber Risk 4: Phishing
Phishing attacks are commonly found in emails in which the sender attempts to trick the recipient into providing personal or financial information. If you’ve got email enabled on your smartphone, the risk exists. You are also at risk for receiving “smishing” hacks, or phishing attempts via text to your mobile device.
Prevention Tip: Your best bet for avoiding these types of attacks? Educate your users. Make sure employees are aware and “on the lookout” for any suspicious communication (calls, emails, texts) to their mobile device. Train your employees to think twice before entering or providing sensitive information to anyone.
Losing a phone is more than just losing your contacts and photo albums. Our phones now contain so much more: banking information in payment applications, personal health information, our business files and documents, GPS locations, passwords, etc. Attackers can now steal, reveal and sell this information once they have access to the device. There is a common misconception today that our phones are safer and more secure than our computers; it is important to remember that this is not so. Google’s Android operating system and Apple’s iOS are attacked daily; no one smartphone or operating system is completely safe. As our technologies, gadgets and tools evolve, so do the hackers and techniques that breach them. As we continue to store more and more of our personal and business information on our phones, hackers only become more enticed and motivated to access this data.
How BlumShapiro's Cybersecurity Team Can Help: Could your organization be vulnerable to a cyber attack? What is your current exposure? How would your business continue to function in the event of a breach? Our cybersecurity experts can help you address the vulnerabilities and risks your organization faces against cyber security threats. Remember, the costs of developing a security strategy you feel confident about are minor compared to the potential financial and reputation risk if an attack or breach occurs.