As offices and businesses around the world transition to mere mobile employee “pit stops,” the need for mobile devices at work is rampant. Checking emails from the local coffee shop, having access to MS-Office products in the palm of our hands―our phones are no longer only for making calls, they’ve evolved into our hand-held personal computers. With this, comes the storing of sensitive data so it’s easily available to us―emails, calendars, contact information, passwords, payment data, etc. While these features are great for the traveling or telecommuting employee, it’s also attractive to hackers.
Here are four ways phones are being attacked and some quick tips for how to avoid them:
This seems like a “no brainer,” but it’s worth noting. It’s much easier for a criminal to walk off with a phone than it is to unplug, disconnect and take off with your desktop computer or even your laptop. A cell phone can store large amounts of data, personal information, payment card data, passwords, etc. making it conveniently packaged for a thief to easily grab.
Prevention Tip: Be sure you have, at a minimum, an enforced password policy on all phones used by employees within your organization. Try for something more complicated than 1-2-3-4 or 0-0-0-0. Even better, consider implementing a MDM (mobile device management) software that will allow the IT Department to remotely lock, wipe and protect any missing devices belonging to your organization. Have a policy in place that requires users to notify IT immediately if they have misplaced or lost the device.
Not every software application, or app, you download is secure. Remember that anyone can develop a mobile app and they aren’t always fully evaluated for their safety. An employee may download a news app that seems legitimate but it is actually giving thieves access to his/her mobile device data. And to make matters worse, if one phone is compromised on your wireless network, a hacker may now be able to breach the organization’s perimeter and directly attack other devices on the network using the infected phone as a gateway.
If the phone has been “jailbroken,” or had the operating system altered in order to install programs or run software, it is even more susceptible to hacking via app downloads.
Prevention Tip: Make sure your employees are not using jailbroken or “rooted” phones at work and consider disabling the ability to download apps (if the phone is company owned.) If devices are personally owned, encourage users to do a little research before downloading each and every app that comes out.
Smartphones are not exempt from vulnerabilities and attacks. Mobile software platforms have been exploited for years in order to cause phone software to crash, eavesdrop and conduct cyberattacks. Some attacks are triggered via malicious links that exploit web browser vulnerabilities.
Prevention Tip: Make sure if your employees are using mobile devices for work (whether they are personally owned or property of your company) that the software is up-to-date on security patches. Disable interfaces that aren’t necessary for use at work – Wi-Fi, Infrared, and Bluetooth. Attackers can exploit vulnerabilities in software that use these interfaces.
Phishing attacks are commonly found in emails in which the sender attempts to trick the recipient into providing personal or financial information. If you’ve got email enabled on your smartphone, the risk exists. You are also at risk for receiving “smishing” hacks, or phishing attempts via text to your mobile device.
Prevention Tip: Your best bet for avoiding these types of attacks? Educate your users. Make sure employees are aware and “on the lookout” for any suspicious communication (calls, emails, texts) to their mobile device. Train your employees to think twice before entering or providing sensitive information to anyone.
Losing a phone is more than just losing your contacts and photo albums. Our phones now contain so much more―banking information in payment applications, personal health information, our business files and documents, GPS locations, passwords, etc. Attackers can now steal, reveal and sell this information once they have access to the device. There is a common misconception today that our phones are safer and more secure than our computers, it is important to remember that this is not so. Google’s Android operating system and Apple’s iOS are attacked daily; no one smartphone or operating system is completely safe. As our technologies, gadgets and tools evolve, so do the hackers and techniques that breach them. As we continue to store more and more of our personal and business information on our phones, hackers become only more enticed and motivated to access this data.