Cybercriminals are targeting wealthy countries with malware that can cripple your business - a recent example is the WannaCry ransomware attack that hit 200,000 users in 150 countries, locking their files and demanding a ransom be paid to decrypt their company data.
It’s common for enterprise to allocate a fair chunk of their IT budget for desktop and server threat security – but next to nothing on protecting mobile devices. If you have employees accessing company data or emails online using their smartphone or tablet, without a mobile security strategy, you’re vulnerable. Here, we identify 5 ways your mobile technology leaves you exposed, and offer advice that will help keep your organisation safe.
1. App Exposure
Apps are incredibly useful in business, but some can do more harm than good. Many apps access services on your device such as your contacts and calendar without your knowledge or a clear reason. It’s also difficult to determine if an app is securing the data it stores or transmits.
Mobile threat applications, such as Lookout can detect if and where your data is being sent, if it is encrypted and which services the application is trying to access on your device. This allows you to identify and mitigate security threats early, before they take hold.
2. Location-based Services
A tactic that is favoured by today’s cybercriminals is using malware that is geo-targeted to a specific business, city, state or other demographic. Ransomware is also geo-targeted to access your data, encrypt it and demand that you pay for its release.
Many apps have access to location-based services that do not need it, for example, the Flashlight app. It’s good practice to turn off the location access for any apps that don’t have a specific need for it to minimise the risk of malware and ransomware attack.
3. Jailbroken and Rooted Smart Devices
Jailbreaking, or rooting, opens access to operating system files that are normally protected. Jailbroken devices can access app stores offering free versions of paid apps, but these often have malicious code added. This exposes the device to downloading of further zero-day virus vulnerabilities, which can enable remote access.
Security products by Lookout or Zimperium make it easy to identify compromised devices, as well as many other device threats. If you discover any jailbroken devices in your organisation’s mobile technology, they pose a serious threat to your security. Once identified, they should be restored to their original factory settings or, at the very least, prevented from accessing network resources.
4. Obsolete OS versions
All too often, end-users access sensitive company data using outdated OS versions with known vulnerabilities. Running multiple OS versions is costly to support and provides an increased opportunity for criminals to attack. For example, iOS versions prior to 9.3 are vulnerable to a Pegasus attack which gives hackers access to services including the user’s camera and microphone – this means the hacker can see and hear your conversations, meetings and more.
This situation is easily avoided by auditing your mobile technology to make sure they’re all running on the latest OS, a good MDM platform will do that. It’s important that as part of the ongoing management of your mobile devices, you have a system that alerts you as new versions are available, and an enforcement policy with end users to make sure your corporate & workforce BYOD devices are always up to date.
5. Juice Jacking
There are some innovative ways hackers have come up with to gain access to your end users physical devices – take juice jacking for example. It’s a cyber attack with a difference, as the malware is installed onto a device when a user plugs into a compromised public charging station at an airport, train station or shopping centre. The malware downloads malicious code that then allows an attacker to download other vulnerabilities onto the device, providing access to corporate data and a backdoor into your network.
Ensure your enterprise mobility policies include educating your staff on the possible risks of device access threats, including using public charging stations, and advise them to plan ahead to avoid using them altogether when possible.
What You Can Do
Although the security threats to your mobile technology are growing more numerous and more sophisticated by the day, there is a lot you can do to protect your information and keep your data safe. You should have a policy that enforces the backup of individual users’ devices as well as your company data. Keep your OS and apps up to date and educate employees on malicious emails and SMS that enable zero day vulnerabilities to be downloaded. And any BYOD device needs, at a minimum, lock screen passwords and should be checked thoroughly for jailbroken devices and malicious apps.
Managing your mobile technology is complex, but help is available. Using MDM systems with Endpoint Threat detection apps will provide a high-level of security protection. Mobile Threat Defence from organisations such as Lookout and Zimperium offer advanced threat detection capability and can also auto-remediate – for instance, it will sense danger and kick a user off a known malicious public Wi-Fi access point if needed. If you’re struggling to find the time, resources or expertise to protect your mobile technology, a Managed Mobility Service Provider can help you bring it together. They’ll work with you to plan and implement a mobile security strategy and make sure your mobile devices are protected now and in the future.
Over to You
Do you have questions about securing your organisation’s mobile technology? We’d love to hear from you!