Unfortunately, when consumers (and many companies) think cyber security, they don’t think past their own computer systems and networks. But what of mobile security? Mobile phones have become so integral to our daily lives, that their loss means gigabytes of personal emails, contact details, and banking details are up for grabs. This data makes mobile devices a gold mine for hackers who need this information not only for their own personal gain, but to then on-sell these details to other cyber criminals. Companies that already face a tough time securing their own systems, must now also learn to recognise and defend against these threats which will now target their employee via ‘new’ channels.
Bring Your Own Hacker Device (B.Y.OD).
The trend of BYOD has many potential benefits, such as lowered technology supply costs and increased collaboration, however it also introduces many security risks. For example, apps for everything from running accounting software to managing websites are now commonly used, however the App markets for both Android and iOS have become a virtual minefield.
Duck, duck, malware.
According to Symantec, 17% of Android apps are malware in disguise, and a further 36% were classified as ‘grayware’, which can track user behaviour. While consumers may not be fazed by these numbers, companies that support BYOD are putting their businesses at risk, as any emails, phone calls or documents sent over corrupted personal mobile devices can ultimately end up in the hands of cyber criminals.
iOS devices are also not impenetrable. The recent malware attack on iOS, resulting in more than 250,000 accounts being hijacked, has shown that users are often their own enemy when they sacrifice security for convenience.
So what can users and company do to create a safer environment for the data stored on mobile devices?
ANSWER: Secure all the things!
Put a PIN in it!
Most devices these days have the technical capability to support PINs and even biometric readers to scan fingerprints. Use them! Users who fail to employ these mechanisms are increasing the risk of stolen phones being easily accessed. Say goodbye to those banking details you saved in ‘Notes’! Already using a pin? Great! Make sure it’s not 1234 or 0000 as these are the most frequently used and the easiest to guess. So get creative.
There’s an app for that!
You have security software for your PC, now get it on your phone. There are hundreds of security apps on the market, take your pick from the bigshots like Norton, or try out Avira Antivirus Security which will scan your apps for malware, help keep you off unsecure sites and can help find your lost phone or tablet.
Let’s Get Down to Business
Companies that either dish out devices to staff as a perk or for ‘business purposes only’ will also need to be a bit more savvy with their security.
Email policy for mobiles
This is a must for every company, no matter the size. It is the backbone of how your employees engage with the emails they receive, guidelines on who they can and can’t open emails from at work, as well as the specifics on the type of attachments they can download.
If you didn’t know already: Attachments like PDFs, Docs, (or heaven forbid) Zips, are common carriers of malware and other malicious code that is activated when you read the document. Find out more here.
If your company already allows BYODs or is flirting with the idea make sure you do a pros and cons of the situation to determine that it is right for your company. From there you should start to build a policy covering everything from making sure every device has security software, to in-depth training for staff on how to identify cyber threats to ensure they stop the attack before it can occur, etc. Ernest & Young have created a great whitepaper on “Insights on governance, risk and compliance” for BYOD which is a great starting point.
Read Our Latest Blogs