While safeguarding our computers is widely recognized as essential, what about the devices that often accompany us from the moment we wake up? Discover more about mobile threats and learn how to effectively protect yourself from them.
We entrust our phones with almost everything – from calendars and shopping lists to both private and work-related conversations. One might assume that we prioritize the security of our mobile devices with the utmost diligence. But is that the case? Here are just a few numbers from a recent report by Verizon:
- Many people underestimate mobile threats: nearly half of users (49%) believe that clicking on a malicious link or an attachment can negatively affect only their own device
- An average user is 6–10 times more likely to fall victim to SMS phishing attacks compared to email-based attacks
- In a single device, people often combine their personal and work lives – including their data. 78% of users use work devices for personal activities, and 72% of users utilize personal devices for work activities
All these facts make mobile devices a fertile ground for attackers who are doing their best to use our phones as a gateway to their malicious goals. How can you stay protected? Getting to know the potential dangers is the right place to start.
Common mobile threats
Phishing (and smishing or vishing)
Attackers use social engineering techniques to lure individuals into clicking on malicious links, sharing personal information, downloading malware, or providing account details – via email (phishing), SMS (smishing), or calls (vishing).
SIM hijacking
SIM hijacking happens when an attacker uses personal details found online to impersonate you and contacts your telecom provider to redirect your calls or messages to their own device – giving them easy access to your data.
Malicious apps
Disguised as legitimate applications, these apps are often downloaded inadvertently from unofficial sources such as third-party app stores or websites, or through phishing emails luring victims to visit those app stores and websites. Once installed on a device, these malicious apps can carry out a variety of harmful actions, including data theft, financial fraud, or acting as spyware.
Fake banking apps
This is one specific, especially dangerous type of malicious app. If you unknowingly download and install a fake banking app, you might input sensitive information such as login credentials, account numbers, and other personal data into it, unintentionally handing the information over to cybercriminals.
Fake credit loan apps
Deceptive apps that pose as legitimate lenders offering high-interest-rate loans are created by cybercriminals to collect victims' personal and financial information. They can then exploit the gathered data for identity theft, financial fraud, or other malicious activities.
Ransomware
During a ransomware attack, cybercriminals may encrypt your files and ask for a payment. They may claim that if you agree to their demands, they will give you a decryption key. Unfortunately, that is not always the case.
Weak physical security
Weak authentication methods are a serious issue – especially if you tend to leave your phone unattended. Once they get hold of your device, cybercriminals can easily get to your data or payment information and use it as they please. Similarly, if you lose your device and it is insufficiently protected, you may jeopardize not only your own cybersecurity but also that of your company.
Unsecured Wi-Fi
If you use public Wi-Fi, for example in a hotel or a café, you may become the target of a man-in-the-middle (MITM) attack, during which an attacker intercepts the communication between your handset and the website you want to connect to.
What if you have an iPhone?
There are still some people who believe Apple phones are completely immune to threats. But is that so? The ongoing debate surrounding Android and iOS security predominantly revolves around app store policies and device restrictions. Although both platforms confront security challenges, Android is often deemed more susceptible due to its open-source nature, allowing a higher prevalence of malicious apps.
On the other hand, Android allows its users to set up and work with two profiles, one for professional use and another for personal purposes. This feature serves as a notable security benefit. Apple, for its part, maintains a stringent app review process and operates within a closed ecosystem with regular updates, fostering a more controlled environment. While this approach potentially reduces the risk of certain threats, it does not render iPhones completely immune. Users should exercise vigilance.
In conclusion, regardless of the mobile platform, you should encourage your company’s employees to adopt comprehensive security practices and protect themselves – as well as their employer – against evolving threats. By understanding the risks and preventive measures, they can protect the confidentiality and integrity of sensitive data and contribute to your company’s secure mobile environment.
Prevention: How can you mitigate the risks?
Mobile threats require a proactive approach. Here's a step-by-step guide that everyone in the company should know about and employ to protect their mobile phones from cybercriminals.
1. Strong authentication: Set up a strong, unique password for device access and important apps. Consider using a combination of biometric authentication and codes, passphrases, or gestures.
2. Regular software updates: Ensure your device's operating system and apps are up to date. Regular updates often include security patches that address vulnerabilities.
3. Encryption: Enable device encryption to safeguard data in case of loss or theft.
4. Multi-factor authentication (MFA): Enable MFA wherever possible. This adds an extra layer of security, requiring additional verification steps beyond just a password.
5. Network security: Avoid connecting to unsecured Wi-Fi networks. Use virtual private networks (VPNs) to encrypt your data and maintain a secure connection.
And what can you, as an IT admin, do to help?
1. Education: Improve your colleagues’ digital security awareness by informing them not only about mobile threats but also other important cybersecurity topics, such as the importance of strong passwords or the dangers of phishing attacks.
2. Mobile Device Management (MDM): Implement a robust MDM solution to secure the use of corporate data on mobile devices. MDM allows businesses to enforce security policies, track devices, and remotely wipe data in case of loss or theft.
3. Mobile security solution: Invest in a reputable mobile security solution. This is a helpful tool that can detect and mitigate various threats, providing an essential layer of defense against evolving attack vectors.
PROTECTION AT THE MOBILE LEVEL
Mobile security is often underestimated. Leaving the mobile fleet of your company unprotected expands the attack surface. With ESET you get all-around protection of your business endpoints, data, and network. Our cloud-first ESET PROTECT Platform comes with free Mobile Threat Defense for most of the subscription tiers.