Threats to mobile device security are becoming more sophisticated and more numerous. As companies rely more on mobile devices for work, business owners and managers such as yourself must gain the upper hand against current malicious activities before you can hope to defend against the barrage to come. Here are four threats you must become aware of and understand better:
Electronic mail is a regular part of our lives, so much so that we increasingly open and send emails on our mobile phones. When we open legitimate-looking emails on a phone, we’re more vulnerable to the bad hyperlinks they contain because we can’t hover over a link to verify its underlying web address. Those who tap the malicious links are led to fake websites and are then asked to log in, and the ones who do so unwittingly hand over their access credentials to identity thieves.
To counter the threat of email phishing via mobile devices, teach your staff to never tap links in emails. And if they ever have to go to a website because an email message urges them to, they must always enter the website’s URL in their web browser manually.
Free public Wi-Fi
Cellular data costs can run high if we’re not careful, so we’re eager to latch onto Wi-Fi connections. Thing is, free public Wi-Fi (the type that’s offered in cafes and airports) is unsecured and allows hackers to launch man-in-the-middle exploits to “eavesdrop” on our online activities. This means that when your staff connect to public Wi-Fi to collaborate on documents, make internet calls, or reply to their work emails, hackers may be on the same network, listening in.
To prevent this, discourage your staff from using public Wi-Fi, especially when they’re accessing company emails and personal bank accounts. If and when they have to use public Wi-Fi, have them use virtual private networks (VPNs). VPNs encrypt the communications between your company network and their mobile devices, making data unreadable to those unauthorized to receive it.
Fake public Wi-Fi
Instead of waiting to intercept data along public Wi-Fi connections, hackers can now set up fake internet access points of their own. They’ll set these up in areas where legitimate public Wi-Fi is available, give them seemingly harmless names such as “Free Wi-Fi,” and actually let people connect to the internet for free. The catch here is that hackers can monitor users’ online activities and capture their unencrypted login credentials.
Since more websites are now adopting protocols that encrypt data such as login credentials, savvier hackers require would-be users of their fake Wi-Fi to create an account before the latter are granted internet access. Hackers do this in the hopes that users will submit the same username-and-password combinations they use for their email, social media, eCommerce, and online banking accounts.
Since it’s hard to tell fake public Wi-Fi hotspots from legitimate ones, tell your staff to assume they’re on the former. As such, while they are using free public connections, they must refrain from sharing sensitive personal and company information. And when they’re prompted to create an account, they must either provide unique access credentials or just do without the internet connection.
Bad mobile apps
Apps let users accomplish tasks that are particular to their function. A few examples are ride-hailing apps that let us book a ride to work, and text-editing apps that allow us to write our progress reports. Countless mobile apps are available for download in app stores, and some are inherently problematic because of the following factors:
In the hurry to release apps, developers might either use outdated cryptography or improperly implement strong cryptography. Either one can leave “back doors” where cybercriminals can enter and cause trouble for app users.
Improper session handling
Instead of making mobile device users authenticate their identity each time they make a transaction, apps make use of “tokens,” which are like passwords but used for identifying devices. For each access attempt or “session,” secure apps generate new tokens and keep these confidential. However, due to programming flaws, insecure apps unintentionally let bad actors get their hands on session tokens and use these to impersonate the users the tokens represent.
We tend to get annoyed when our mobile device asks us if we’d like to grant apps access to its camera, speaker, and location data. However, this is a good thing because we get to control the data we share with our apps. And if an app makes suspicious permissions requests (such as a calculator app wanting to know where you are), you can — and must — delete that app immediately.
Problems start when we grant apps sweeping permissions. These apps may work as we expect them to, but some of them also gather personal and company data into a server and sell such data to advertisers and cybercriminals.
Your business can’t afford to have lax cybersecurity measures for your IT assets, be they on-site machines or the mobile devices your staff use. Contact our experts at ZENOPS today to learn how our state-of-the-art solutions will protect you from current and incoming cyberthreats.