+44 118 905 5000

Five top mobile security threats and how to protect against them.

Published: April 24, 2020

Business today takes place on a mobile device. Employees use them to check email, download and share files, and much more. And probably most importantly, mobile devices play a key role in connecting with customers and delivering engaging experiences.

Despite all their benefits, mobile devices make tempting targets for cybercriminals. In fact, our mobile-security research over the past three years shows a 41% increase* in the number of mobile-related compromises. It’s no wonder that tightening security remains a top concern for business leaders across virtually every industry.

Let’s take a quick look at five top threats you and your peers should be worried about:

Social engineering attacks

A social engineering attack may appear as an email from a co-worker or even a message built to look like an official company announcement that prompts you to take a specific action—one that ends with the attacker obtaining your login credentials.

To protect your business against such tactics, prepare employees by holding regular training sessions to teach them what to look for and the steps to take to help prevent being victimized. Also, a good rule of thumb for your organization as a whole is to use multifactor authentication. Doing so will give you an extra line of defense against a possible breach.

15%

of enterprise users encountered a mobile phishing link in Q3 2019.*

Cryptojacking

Cryptojacking occurs when attackers use the processing power of a compromised device, either its CPU or graphics processor, to mine cryptocurrencies. Once acquired, these cryptocurrencies can then be used for purchases or directly exchanged for government currency. Such attacks drain the compromised device’s battery power and can cause significant downtime and disruption to your business.

Cryptojacking is a newer threat, but there are still steps you can take to protect against it. Make sure you have a strong password policy in place; change all the default device passwords and avoid using the same ones again. A mobile device management system can also help by enabling you to lock down lost, stolen or compromised devices and plugging possible holes with patch updates.

Mobile malware

Mobile malware may be the most popular weapon in the cyberattacker arsenal, mainly because it’s so effective. Malware files typically infect your system via downloaded apps often disguised as helpful business tools. Many come through non-official stores or third-party websites, but sometimes malware finds its way into official apps stores.

The good news is that official app stores work constantly to improve their file-scanning capabilities and security filters to help detect more malware-ridden apps. There are a number of steps you can take as well, such as establishing internal policies to combat the security risks of “shadow IT” within your organization. These policies give you control over which apps employees can download and install on their mobile devices, especially from third-party sites. 

21%

of compromised organizations said that a rogue or unapproved app contributed to a security incident.*

Public Wi-Fi risks

Insecure network access pose a serious threat to any business. Hackers can use this to launch man-in-the-middle attacks or to set up rogue Wi-Fi hotspots or access points to infect devices or steal data. Despite the risks, many employees still use public Wi-Fi connections because they’re readily available and convenient to use.

It pays to be vigilant in educating employees about the risks from public Wi-Fi usage. Plus, you can take a zero-trust approach to public Wi-Fi, so employees only connect to preapproved access points and mobile hotspots. For an additional layer of security, consider encrypting all data sent over unsecured networks to protect it from possible interception. A data management solution also helps with security by providing full visibility into mobile traffic leaving and entering the network, so you can spot suspicious activity more quickly.

72%

of all employees used public Wi-Fi.*

Bring-your-own-device (BYOD) risks

BYOD initiatives open up the possibility of additional of unprotected or underprotected devices connecting to your network and accessing critical information that can easily fall into the wrong hands. Not to mention hackers using compromised devices as a means of causing more disruptions within your network as well.

A good way to get every employee on the same BYOD security page is to create an acceptable use policy (AUP). An AUP document will set up formal guidelines on how employees can use their devices within your business, such as what websites they can visit, the apps they can download, acceptable data volumes, compliance issues, steps to protect data and more. Get tips and suggestions on how to build your own AUP by downloading our guide here.

When it comes to mobile security, remember the employees.

The bottom line is that your employees will be the ones to measure ensure its success. Well-designed policies make it easier for employees to follow; poorly designed ones will cause employees to look for work-arounds, opening the door to all kinds of security risks.

Download our Mobile Security Index 2020 Report for additional insights into the risks you face and how to combat them.

*All stats are from the Verizon Mobile Security Index 2020 Report.