Know the seven main threats and how to defend your company against them

Key takeaways:

  • Phones and tablets face some different cybersecurity threats than desktop and laptop computers. 
  • There are four different types of threats from apps, the web, public WiFi, and lost and stolen devices.
  • Some threats are hard to detect on mobile devices, which makes proactive protection even more important.
  • Encryption is a big issue, which means implementing end-to-end encryption is vital.
  • Devices like the Apple Watch Alexa could be connected to your network without your knowledge, but mobile device management tools can stop that.  

The increase in the number of remote workers recently has highlighted cybersecurity risks at companies. More employees are now accessing company systems from remote devices like phones, making securing phones and tablets a priority. Malicious actors can easily target mobile devices. 

Malware is one of the most common threats to mobile devices. And, as the number of users employing these devices has increased, cybercriminals have caught on and have emerged with even more new threats. Human error is blamed for 52% of security breaches, which means beefing up cybersecurity and offering continuous training to employees is essential. First, you need to know what these threats are, and then we’ll discuss the best practices for securing these devices. 

More than likely, you’ve already implemented cybersecurity initiatives for laptop and desktop computers at work. If you have remote workers, you know that they might be using their personal devices on the company’s network, leaving it open to hacks. Let’s talk about threats that are specific to your employees’ phones and tablets, and how you can make them as secure as possible. 

The different types of mobile security threats

When employers sent staff home to work at the beginning of the pandemic, mobile usage jumped. Unfortunately, cybercriminals took notice – there was a 37% rise in phishing attempts on mobile devices. Cyberattack attempts are much harder to identify on phones and tablets.

Vishing (voice phishing) has also become a mobile security threat. The FBI and Cybersecurity and Infrastructure Security Agency issued a joint advisory about this increasingly common attack. And, phishing and vishing are only two types of things to look for. It’s important to note that there are four types of mobile security threats:

  • Mobile app threats. When apps that look legitimate are downloaded but are actually spyware or malware, both business and personal information can be stolen.
  • Mobile web-based threats. These types of threats are subtle and usually go unnoticed. When someone visits an affected site, it may look and seem fine, but behind the scenes, hostile content is being downloaded to your device.
  • Mobile network threats. When you or your staff use public WiFi networks, it’s easy for cybercriminals to grab data that is not encrypted. 
  • Physical device threats. This is a particularly dangerous threat. If the device is lost or stolen, hackers have complete access to all the private and company data stored on the device.

These are the four most common types of threats to mobile devices. We’ll discuss how these dangers commonly manifest. We’ll then talk about countermeasures you can take to keep your data secure. 

How hackers attack in seven different ways and what you can do about it

One huge step to combatting cybercrime is to train your employees on security risks. That may seem elementary, but an astounding 31% of companies have no cybersecurity training program. Once you’ve identified the threats to your business and have taken steps to mitigate them, employee training should be your very next stop. Additional ways cybercriminals hack into your systems and how you can stop that include: 

Threat #1: Social engineering attacks in the form of fake emails (phishing) and texts (smishing) attempt to extract information such as passwords, or get a user to download malicious software.  

Defense: There are two strategies here: Train your employees on how to spot these threats, and limit access to sensitive systems to reduce access points. 

Threat #2: Malicious apps that facilitate data leakage are a huge problem. The majority (85%) of mobile apps do not meet security standards. Cybercriminals can use these apps to mine all sorts of data from backend details to digital wallets.

Defense: Mobile application management tools are your best friend. They secure and facilitate IT control over your business applications on smartphones and tablets. 

Threat #3: Public WiFi networks should be considered unsecured because there’s no way to tell if security has been implemented and just how robust it is. Cybercriminals can set up WiFi networks that serve as a way to capture data. 

Defense: Add a Virtual Private Network (VPN). A VPN means your remote users (including those on laptops and desktops, not just mobile devices) can securely access apps and data in your data center by encrypting the traffic sent and received. 

Threat #4: Encryption gaps mean your network is not secure. An unencrypted messaging app is a good example, but any unencrypted application can give bad actors access to your sensitive company data. 

Defense: Having end-to-end encryption is vital. Make sure your service provider has it as well. When everything is end-to-end encrypted, access is available only to those that are the sender and the intended recipient(s).

Threat #4: Internet of Things (IoT) mobile devices like the Apple Watch and home devices like Alexa pose a special risk if they are connected to your company systems. You may not even know they are connected: 78% of companies have more than 1,000 of these devices connected to their networks, and 80% of IT professionals found “shadow” IoT devices connected. 

Defense: Mobile device management (MDM) is a platform with tools to manage company devices to keep them secure.  

Threat #5: Lost or stolen devices pose a risk because they have access to all sorts of information, and with remote workers sitting in cafes and coffee shops, the risk is growing. 

Defense: Formulate a policy to let employees know what they should do if they lose their remote device. If possible, use remote access to delete or transfer information, or to wipe or disable the device. 

Threat #6: Not doing operating system updates poses a risk because they often include security patches that keep hackers out of your systems. 

Defense: Many MDM tools provide the ability to push updates to devices they manage. Otherwise, you are dependent on your employees to keep their devices updated. 

Of course, with human error being the largest threat, lousy passwords pose a huge issue as well. Your best defense is to implement NIST standards enterprise-wide. 

Being forewarned is being forearmed. Cybersecurity for all remote workers is essential, but pay careful attention to the unique security challenges of remote devices. 

Cyber liability insurance – what will you do if your security measures fail?

Cybersecurity breaches are expensive and ruinous to your business. Most small businesses shutter their companies within six months of a breach. With an average cost of $25,000 and the damage to your reputation, you can’t afford the risk.

Defend your company with cyber liability insurance. At Avante, we are committed to making sure your business is adequately protected today, and for whatever tomorrow’s hackers will bring. Reach out today – we’re always standing by. 

This blog and website are made available by the publisher for educational and informational purposes only. It is not to be used as a substitute for competent insurance, legal, or tax advice from a licensed professional in your state.