Diamond IT Blog

Are mobiles a threat to your business data?

Written by Hannah Donnelly | October 6, 2020

Cybercriminals are now targeting your people rather than your software, so it's important to evaluate your cybersecurity strategy to ensure it covers all avenues of access to your employees, including mobile devices.

With the rise of remote and disparate workforces, many employees are now using personal mobile devices for work purposes. According to a study by market research and data analyst firm Clutch, 86% of all employees check their emails on their mobile phones, and 67% also access shared documents on their devices.

And while mobile apps support employees to work from any location, they are at the same risk of cyber attack as any PC or laptop.

From our experience, here are the top mobile device threats your business needs to be aware of.

 

Social engineering, phishing and SMiShing attacks

Social engineering targets your employees by exploiting human psychology rather than using technical hacking. An example of this might be a cybercriminal posing as someone from your HR department, prompting someone to update their bank details, or an IT team member asking an employee to update their password to an internal system. Even with the most extensive cybersecurity systems in place, cybercriminals can take advantage of your employees via convincing calls, texts, or emails.

The number one way to prevent social engineering attacks is staff awareness training, which ensures your staff can identify the threats they are exposed to on a daily basis and have the tools and knowledge on how to best respond to and report these attacks.

Phishing attacks aim to trick you into giving out personal or business data via email or text (SMiShing). According to cybersecurity research organisation CSO, mobile users are "more vulnerable as they often monitor their email in real-time, opening and reading emails and texts when they are received", and mobile devices do not display as much information on the screen for the receiver to evaluate before responding. As with social engineering, cybercriminals develop sophisticated and convincing emails and texts that your employees can easily mistake for genuine communication.

Pictured: an example of a SMiShing Attack

Poor password hygiene and unsecured Wi-Fi

Password hygiene is a long-standing issue for company-owned computers and mobile devices alike. But how do you ensure your employees use secure passwords, passcodes, and multi-factor authentication (MFA) to protect the business data stored on their personal devices? A recent Deloitte report found that only 59% of Australian mobile users lock their devices, a statistic that should be ringing alarm bells for business owners.

The Australian Cyber Security Centre points out that “since mobile devices routinely leave the office environment, and the protection it affords, it is important that a mobile device management policy is developed to ensure that they are protected in an appropriate manner.”

Working with a third-party provider to conduct your mobile device management can ensure that your employees are taking the necessary security steps on their personal and company devices by coordinating security measures, such as MFA.

When it comes to connecting to public Wi-Fi from mobile devices, unfortunately, most 'free' Wi-Fi networks are considered unsecured. This means that data can move across these networks without any encryption or security protection. In these situations, hackers can position themselves between you and the connection point and intercept both personal and business data, including passwords and login details. This position also gives cybercriminals the opportunity to distribute malicious software onto unsuspecting mobile devices.

 

Irregular updates and lost devices

Just like computers, mobile devices and their applications require regular updating and security patching. The difference, however, is that mobile devices often don't have automated update options enabled, and rely on manufacturers to keep their products up to date. Out-of-date mobile devices open the door for cybercriminals to access your personal and business data, and significantly increase the risk of a data breach.

Another benefit of mobile device management is the ability for your third-party provider to control device updates and conduct them automatically instead of relying on manual updates. This ensures your devices and data are protected and operating at optimal capacity.

We have spoken about the risks of using unsecured public Wi-Fi and poor password hygiene, but what if an employee's mobile device is lost? New research found that Australians lose their smartphones at the rate of 1,370 per day.

With very few of these mobile devices ever being recovered, a lost personal or company phone (particularly one with poor password hygiene) is potentially handing over sensitive data to cybercriminals on a silver platter. Again, this is where staff awareness training and policy and procedure training are critical to ensure employees are aware of their obligations when using mobile devices. Thankfully, with the support of your mobile provider, it is possible to configure devices so that they can be locked remotely if lost or stolen.

 

How can Diamond IT help?

We can help you ensure your technology, policy and staff education programs align with best practice. With over 12 years’ experience in the telecommunications space, serving our extensive customer base and working with leading carriers, Diamond IT’s vast knowledge of business communications requirements and the changing landscape is second to none.

If you need support or advice on your current phone service or provider, contact our team today on 1300 307 907.