Mobile security is a major issue for many firms right now. With the rise of trends such as home working, more business activities than ever are being carried out via mobile devices. However, in many cases, employees may be less aware of the risks faced on platforms like Android and iOS, and this makes them an attractive avenue for hackers.
Some mobile threats will be similar to those experienced on desktops and laptops, such as spear-phishing emails that aim to steal sensitive information such as login details. In many cases, these attacks may even stand a higher chance of success on mobile, as with smaller screens and less detail, it can be harder to spot signs things are not as they seem.
However, there are also a few risks that are unique to mobile devices. It’s essential companies are aware of what these are and have specific plans in place to counter them.
Here are 4 types of mobile security threats to be aware of, and some key tips on how to prevent security breaches as a result.
1 – SMS attacks
For many people, SMS services are likely to have been displaced in recent years by over-the-top instant messaging alternatives such as WhatsApp or Microsoft Teams – especially for work purposes. But with more people having their smartphone to hand for work, fraudsters are increasingly taking advantage of SMS as a way of reaching potential victims – and these will usually bypass many businesses’ defences.
Many SMS scams work in much the same way as email phishing attempts – indeed, it’s sometimes called ‘smishing’. For example, an SMS might claim to be from an individual’s bank, alerting them to an attempted unauthorised payment and including a link to follow in order to verify or secure the account – but following this will actually harvest their bank details.
Some security researchers warned of exactly this type of threat in the recent US presidential election. Both campaigns were using SMS to reach out to potential voters and encouraging them to register to vote with links in messages – a format that could be easily replicated by scammers.
2 – Fraudulent apps
Another common threat facing mobile devices is the risk of fraudulent apps, which appear genuine but can contain a wide variety of malware, from adware that can disrupt a user’s experience to spyware that can log their movements and activities.
Many people may be less aware of the risk posed by fake apps on mobile than they would be on desktop as they believe that as long as an app comes from a familiar and trusted app store like Google Play or the Apple Store, it will be safe. But this is far from the case.
There are frequent reports of malware-ridden apps appearing on these app stores, often disguised as something innocuous such as a game or a news app. While the Android system is commonly held to be much more susceptible to these, Apple isn’t trouble-free either.
3 – Protecting your data – keeping your mobile devices clean
To tackle these issues, it’s vital you have a strategy in place for protecting devices and keeping them free from threats.
When it comes to protecting against fraudulent apps, for example, it’s not enough to have a policy of only using official app stores. You need to have a clear and manageable list of approved and unapproved apps, and this means effective mobile device management software.
Of course, if you’re using company-owned devices, this is easier to control, as you can set up a whitelist of approved apps and block all others from being used. This is much harder to achieve when dealing with personally-owned devices, but it will still be possible to ask users to install the required software and have a blacklist of prohibited apps.
Some people may be unhappy about such mobile security software on their own devices, but this should be considered a basic requirement for the use of any mobile device in the workplace.
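The whitelist and blacklist policies described above, shown as an added example that is not part of the original article: company-owned devices are checked against the approved list with everything else denied, while personally-owned devices are checked only against the prohibited list. The package identifiers, the `Device` record and the inventory are constructed for illustration; the same unlisted app is a violation under the first policy but only an item for review under the second.

```python
from dataclasses import dataclass

# Constructed policy lists; the package identifiers are placeholders.
APPROVED = frozenset({"com.example.mail", "com.example.vpn", "com.example.docs"})
PROHIBITED = frozenset({"com.example.freegame", "com.example.newsplus"})


@dataclass(frozen=True)
class Device:
    device_id: str
    ownership: str        # "company" or "personal"
    installed: frozenset  # package identifiers reported for the device


def evaluate(device):
    """Return (violations, unreviewed) for one device.

    company:  default deny, anything outside APPROVED is a violation.
    personal: default allow, only PROHIBITED apps are violations; apps on
              neither list are returned as unreviewed so they can be triaged.
    """
    if device.ownership == "company":
        return sorted(device.installed - APPROVED), []
    if device.ownership == "personal":
        violations = sorted(device.installed & PROHIBITED)
        unreviewed = sorted(device.installed - APPROVED - PROHIBITED)
        return violations, unreviewed
    # Fail closed: an unknown ownership value must not silently pass.
    raise ValueError(f"unknown ownership {device.ownership!r} on {device.device_id}")


def audit(inventory):
    """Map device_id -> {"violations": [...], "unreviewed": [...]}."""
    report = {}
    for device in inventory:
        violations, unreviewed = evaluate(device)
        report[device.device_id] = {"violations": violations, "unreviewed": unreviewed}
    return report


# Constructed inventory: both devices carry the same app that is on neither list.
INVENTORY = [
    Device("corp-001", "company", frozenset({"com.example.mail", "com.example.scanner"})),
    Device("byod-007", "personal", frozenset({"com.example.mail", "com.example.scanner", "com.example.freegame"})),
]

if __name__ == "__main__":
    for device_id, result in audit(INVENTORY).items():
        print(device_id, result)
```

The "unreviewed" list is what a blacklist alone never surfaces, so on personally-owned devices it is the queue to triage into one list or the other.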
4 – Poor user education
When it comes to tackling SMS fraud, for example, there are a few dos and don’ts your employees must be aware of. For instance, staff should be educated to ignore any direct call to action they receive through this channel, such as following a link. If a message is genuine, there will usually be other ways to verify this.
For example, if you receive a message claiming to be from a delivery company, you should be able to go to its website in your browser or open the real app to log in and see if it is genuine. You should promote a ‘zero-trust’ approach to SMS messages and tell employees never to interact directly with details within them, whether this is a web link or a phone number.
Constant vigilance is vital for all employees who are relying on mobile devices as part of their day-to-day work. Therefore, ensuring everyone knows what to look for is vital, and this means not just running a single training session, but developing an ongoing education strategy that’s tailored to the unique challenges faced by mobile devices.