Why mobile device security matters
There’s an old internet myth that Mac computers don’t get viruses. In reality, this was only partly true when there were fewer Macs. Today, any sufficiently popular device is vulnerable to viruses, spyware, and other malware – and this includes mobile devices.
With many individuals using mobile devices to access business networks, mobile device security matters more now than ever. By learning about mobile malware and understanding how it spreads, we can behave in a way that shores up security, and keeps both our personal and business data safe.
The problem with mobile devices
Mobile devices are a ubiquitous part of most people’s lives, and an increasingly intrusive one. While some people use their phones primarily to contact people, for many they are now surrogate laptops. We fill them with private data such as photos, notes and messages, use our payment details for online shopping, and even do our banking remotely.
This treasure trove of data makes them a tempting target for any hacker. Whereas the most common targets used to be desktop or laptop computers, the increasing use of emails, messaging apps and other common avenues for sending malicious files has made them a more common target. What’s more, we often don’t apply the same scrutiny to things that we do on a larger screen, such as who an email is from, or where a link is redirecting us to.
Mobile devices are also dangerous as they often connect to various other devices. Where a desktop computer will generally be wired into one network, a mobile device may connect to multiple networks as you pass near them, and even connect to local devices via Bluetooth. This range of access points increases the risk of your device being illegally accessed, and files being passed from one device to another.
What are the main risks to mobile devices?
Mobile devices are subject to different risks than traditional computers, and require a different approach to data security. With many mobile devices being used for both personal and business matters, the potential damages are doubled. If you have been supplied with a mobile device for work, it is important that you take the right steps to keep up security.
Types of security risks associated with mobile devices include:
- Theft or loss of the device. Probably the most obvious threat, any lost devices will have a monetary cost for the replacement of the device.
- Unauthorised access to data. Mobile devices used for work are likely to contain or have access to confidential data. In the wrong hands, this will cause a security breach.
- Network intrusion. Not only can a compromised mobile device provide an attacker with data, it can also provide an entry point for the attacker to penetrate further into the company network, sending out phishing emails and accessing data on the network.
- Identity theft. With a stolen mobile device, an attacker could use your information and even call or send emails from your number or address. They could use this to scam your colleagues or customers.
How can mobile devices pose a security risk?
Mobile devices can allow attackers to gain access to confidential data in a number of ways:
- Unauthorised access. Mobile devices can be stolen or accidentally left behind, and then accessed by an attacker.
- Mobile devices are just as likely to be infected with malicious programs as the desktops in the office – and in fact can be even more vulnerable due to threats from outside the company network.
- Shoulder surfing. When confidential information is accessed outside the workplace on mobile devices, it is vulnerable to being viewed by unauthorised people.
- Network surveillance on public Wi-Fi.
How to protect your devices from loss and theft
While mobile devices can be compromised remotely, the most common form of data theft is through physical access to a device. Unsecured or poorly secured devices give criminals the opportunity to steal data or install malware, which could continue to capture and relay information even if you get your device back.
This is why these precautions are important:
- Never leave your devices unattended in public places. Even if your device is protected by a password, with physical access a criminal could still steal data or install malware if they have the device in their control.
- Protect all your devices with a strong password. This helps make it harder for attackers to gain access. You could also use biometric authentication such as a fingerprint or face scanner, although these methods can be spoofed.
- Always log out of your devices when you are not using them. This is especially important with laptops and tablets that you don’t carry around with you.
How to protect mobile devices from malware
No device is safe from malware, and in some cases, mobile devices may even be less safe than computers. Mobile browsers can be more vulnerable to malware downloaded from browsing insecure websites, and the wide variety of phones (particularly Androids) means that security updates aren’t always timely, or available at all after a certain point.
As such, the following tips are extremely important to protect mobile devices from malware:
- Install operating system updates as soon as they are available. Software updates contain security patches that fix known vulnerabilities which malware could exploit to infect your device.
- Ensure you have up-to-date antivirus. This is especially important on laptops with Windows or MacOS operating systems.
- Only install applications from official app stores. On mobile phones and tablets, you should only ever install applications from Google Play, Apple App Store or other official application stores, as these stores check apps for malware.
How to protect mobile devices from shoulder surfing
Having your device stolen or accessed remotely isn’t the only risk. Just like using a cash machine or card reader, ‘shoulder surfing’ can compromise your login details, and leave private information vulnerable to being seen and stolen. As such, try to stick to the following:
- Avoid viewing sensitive or confidential data in public whenever possible. It is best to avoid accessing private information in public places if at all possible.
- If you have to view sensitive or confidential data, think about who might be able to see it. Try to position yourself so that it is hard for bystanders to see your screen.
- Get a privacy filter for your device. A privacy filter on the screen of your device will limit the viewing angles of the screen and make it harder for bystanders to see what is on your screen.
Being informed of mobile device risks and taking the right precautions is the first step to a more secure workplace. To start formulating a comprehensive security strategy – including advanced encryption, vulnerability scanning and data backups – contact Sota today.