Is Your Endpoint Security Prepared for These Major Mobile Threats?
We are firmly in the age of mobile working, where many employees work either remotely or on the go. It’s rare, these days, for work to start and end in the office.
As employees travel for work and companies embrace flexibility, it’s now common for people to check their emails while commuting, in coffee shops and even at airports. In fact, 1 in 5 Australians works in 3 or more locations.
Underpinning this is the smartphone. Gone are the days when you could only use your telephone to make calls. Smartphones today are highly portable and have a wealth of functions and apps.
With mobile versions of Teams, Slack and many other productivity and communications tools, it’s easy to see why employers and employees have embraced mobile working.
However, mobile working shouldn’t be allowed to blossom in your organisation without the proper checks and balances. Namely, mobile phones are a huge security risk.
While we don’t want to put you off mobile working, we want to make sure that you’ve got the right security solutions and procedures to protect your employees and company data.
The Major Mobile Security Risks
The portability of smartphones makes them highly susceptible to security risks. While desktop computers are safe within the office’s four walls, mobile phones will be exposed to new threats with every location they are taken to.
Here are the top threats you need to know about.
Cybercriminals realise that Australians are increasingly using their phones for work purposes. As a result, they’ve adapted traditional social engineering tactics to target mobile users.
The most common threat you’ll see here is SMS-ishing, where hackers send fraudulent texts to people, pretending to be a trusted source like a well-known brand or health organisation.
Typically, the text will include a fraudulent link. When the victim clicks the link, they’ll be encouraged to share highly sensitive details that attackers can then use for further fraud or sell on the dark web.
There’s also spear SMS-ishing, where hackers create highly personalised, targeted texts and send them to victims. Often, these texts will look like they come from a colleague, customer or supplier. While these attacks are less common, they are highly effective as they are so deceptive.
SMS-ishing attacks are on the rise. According to research, mobile phishing attacks increased by 350% in 2021. While it’s difficult to prevent your employees from receiving these texts, you can empower them to spot the attacks and react safely.
We advise conducting employee phishing and SMS-ishing training, in which you educate your employees on what these attacks look like. You should also put in place procedures that help your employees to report these attacks as they happen, to prevent other people from falling victim.
Creating a security awareness programme in a small business can be difficult due to a lack of time, expertise and resource. We can design, run and manage your security training programme for you to reduce the risk of SMS-ishing in your business.
Another way hackers try to exploit mobile phones is by creating fake mobile applications. These applications will often impersonate legitimate apps from big brands. However, when the victim downloads such an app, their device will be infected with malware, spyware or ransomware.
Depending on the severity of the malware, you could lose access to company data or even experience downtime. Getting a handle on this risk is crucial. Again, employee training is essential here.
Ensure your employees know to only download apps from reputable app stores like Google Play and Apple’s app store. As well as this, they should scrutinise applications carefully before downloading to ensure they’re legitimate.
Even with training in place, there’s still the risk that employees could accidentally download malicious apps. If your people use company-owned or leased mobile phones, you may want to consider a mobile device management (MDM) solution.
MDM works by installing an agent on your employees’ devices. This gives you visibility and control over how your employees use their phones. You can, for example, safelist or denylist the applications they can use.
While MDM is a good tool for company-owned phones, note that it’s not suitable for environments with Bring Your Own Device (BYOD) policies. This is because MDM is considered too invasive to install on employee-owned devices.
That said, there are other solutions you can consider, such as a Cloud Access Security Broker (CASB), which provides visibility into the cloud without the need for an agent on the user’s device.
Network Spoofing and Man-in-the-Middle Attacks
Network spoofing occurs when a cybercriminal creates a fake WiFi spot in a high traffic location, like an airport or cafe. When victims sign up to use the phoney WiFi spot, the hacker will harvest their details. These details can then be used to commit fraud or for more targeted phishing attacks.
It can be difficult to prevent your people from using public WiFi – but you can educate them on the risks around network spoofing. Armed with this knowledge, your people will be much more careful about their network choices – and should only join legitimate ones.
Another WiFi-related attack is known as a man-in-the-middle attack. This occurs when a hacker breaks into a public WiFi network. Once they’re inside the network, they can intercept communications from the connected devices. Often, this will include passwords, financial details and even email correspondence.
To defend against these attacks, ensure that your employees only join trusted WiFi networks. Better still, encourage them to use a VPN when working in a public place. A VPN effectively acts as an encrypted tunnel between your corporate resources and your employee devices, so that data cannot be read even if it is intercepted as it travels across the internet.
Schedule a Security Review Today!
Don’t be in the dark about your cyber security defences. GKM2 can assist your Sydney area business by reviewing your mobile security strategy and letting you know of any weaknesses that could leave your company at risk.
Contact us today to learn more. Call +61 2 9161 7171 or reach out online.