These days mobile devices are everywhere. We take these devices to work, relax with them before bed, and read the news on them during breakfast. While the overwhelming majority of companies don’t issue employees their own company provided mobile devices, employees can’t help but bring them to work anyway. Inevitably, these devices are used for work itself, giving a potential advantage to employees’ ability to stay mobile, productive, and in contact with their workplace anywhere they go. These versatile devices can store the same data and run the same programs in use on desktop computers, giving the tools to perform daily tasks and also presenting a unique security risk that’s only recently entered the world of IT security.
These devices, while useful, are usually personal assets not managed by IT security. As a result, they can be left open to malicious intrusion and give attackers an easy backdoor into sensitive information or even the company’s network or assets. Many of these attacks can be avoided by simply informing employees of basic security practices involving mobile devices. Mobile device management on a macro scale can easily be handled before security becomes a concern.
Risks and Solutions
One of the most easily avoided threats to mobile devices is just as prevalent on computers as it is on smartphones and tablets. Malware can range from a minor annoyance to a system destroying terror, procuring sensitive information and compromising the device. While these threats are usually not serious, most commonly manifesting as intrusive advertisements or spam, they can be much more serious. Fortunately, users can protect their devices from these threats by avoiding opening links or downloads from unknown sources. Much like on a computer, malware most often affects users that are careless with their web browsing habits. In addition, anti-malware software is available for phones and tablets, but the most effective method of prevention is informative browsing of the web.
As mobile devices connection to the internet is exclusively via WiFi, cell phones and tablets are particularly vulnerable to communication interception over a WiFi network. These attacks vary in implementation but the end result is to obtain data for phishing or gain access to the device itself. Businesses that use WiFi hotspots with a login page offer viable methods of entry via hotspot spoofing. Advanced attacks can intercept and decrypt information sent from a mobile device, offering attackers multiple avenues to sensitive information on the device. The best method of prevention here starts with well-rounded best security practices on a company level, with a focus on network infrastructure security. WiFi hotspots should be properly secured and extra precautions need to be taken to ensure total end-to-end security. Users themselves need to be made aware of these types of attacks and be given specific instructions for connected devices for work.
The most serious threat to mobile device security in the workplace is one that’s been a long running tradition in the malicious hacking community. Human intervention can range from simple carelessness to targeted social engineering attacks on sensitive data.
The casual nature of mobile devices invites risky activities that threaten sensitive information. The ease with which critical data can be moved to a mobile device to be worked on later provides an easy entry for leaks and intrusions. The wide proliferation of cloud services and storage gives an avenue for accidental data leaks. Uploading sensitive data could be entirely unintentional through an automatic application or service. This kind of compromised data may go entirely unnoticed and is the result of lax security and information for employees. Regardless, the threat is all too real and has resulted in leaked information, intellectual property, and sensitive material.
Maliciously orchestrated social engineering attacks can target mobile device users just as easily as traditional company assets. Being given access to someone’s phone for a quick phone call or text message is all that’s needed for data to be compromised. The ease of accessibility that mobile devices provide give hackers an open door way when care isn’t taken to prevent its occurrence.
The solution to these threats is the same as it’s always been. Careful monitoring of data sent over the network and clear security procedures when it comes to mobile devices will stop the vast majority of human-based mobile device attacks.
Small Device, Big Threats
Mobile devices are here to stay and their use in the workplace will inevitably continue. Businesses need to be prepared to handle the security threats they represent. Apathy towards the risks they present will guarantee a compromise in security. The methods and guidelines used to protect company’s sensitive data on a mobile device are nearly identical to those use on traditional company assets. So long as care is taken to avoid these risks, mobile devices give employees a powerful tool to increase productivity and maximize efficiency.