Some Sobering Stats

Let’s take a look at some of the findings. According to the Zimperium report, there’s a huge shift towards attacking via mobile devices.

• 83% of phishing sites they found were designed to specifically target mobile devices
• Mobile malware instances have increased 13% in the last year
• 80% of all malware found were riskware and trojans deployed as what are called “sideloaded apps” (apps not purchased through the device’s official store and therefore not vetted for security).

At the same time, there’s also been a shift in mobile device usage for work:

• 82% of organizations allow staff to use personal devices at work
• 71% of employees use their smartphones to perform work tasks
• 60% use them for work-related communication
• 48% of employees use them to access work-related information
• 85% of the apps on the device are personal apps that all have some potential impact to the organization’s risk exposure

Other Mobile Risk Factors

There is a myriad of other risks that come with staff using their mobile devices for work:

Variety of attack pathways

With mobile devices, cybercriminals can target the user using multiple avenues beyond questionable apps, including via scam phone calls and voicemails, though text messages/SMS (smishing), and through social media, where they try to lure users into clicking on malicious links or providing sensitive information.

Unsecured Wi-Fi networks

Public Wi-Fi networks are obviously convenient when traveling for work or pleasure, but often lack proper security measures. Connecting to an unsecured network can expose the device to hackers who can intercept data, including login credentials, personal information, and sensitive work-related data. If possible, have your staff only connect using VPNs.

Outdated Software

Keeping a mobile device’s operating system and apps up to date is crucial. Outdated software can have vulnerabilities that cybercriminals exploit to gain access to the device.

App Permissions

Many apps request access to various features and data on a device. Your staff should be cautious about granting permissions, especially if they seem unnecessary for the app’s functionality. Overly permissive apps can misuse data or share it with third parties without the user’s consent.

Lost or Stolen Devices

Because of their obvious portability, mobile devices can be easily lost or stolen. Without proper security measures, such as strong passwords, biometric locks, and remote wipe capabilities, a lost device can provide unauthorized access to the user’s personal and professional information.

Awareness is the Answer!

Mobile device usage for work is likely here to stay. And given that most organizations can’t fully secure personal devices, it’s crucial to involve employees in the security strategy with cybersecurity awareness training. Implementing this training on a regular basis can help employees stay vigilant when using their mobile devices for work-related tasks, emails, and web browsing. Training should focus not just the various risks involved with the use of a mobile device and how to circumvent them, but also on what to do in the event of an unfortunate incident. The moral of the story: Teach your staff how to stay safe, so they – and your organization – can continue to enjoy the benefits of mobile technology while getting the work done!