
Your Biggest Cybersecurity Weakness Is Your Phone

Mobile devices are one of the weakest links in corporate security. Executives are wrestling with managing a proliferation of devices, protecting data, securing networks, and training employees to take security seriously. In our Tech Pro Research survey of chief information officers, technology executives, and IT employees, 45% of respondents saw mobile devices as the weak spot in their company’s defenses. (Employee data was cited by 37%, followed by wireless access of networks at 34% and bring-your-own-device efforts at 29%.)
Meanwhile, the potential for mobile attacks continues to expand. In July comScore reported that half of all digital time was spent on smartphone apps, and 68% of time was spent on a mobile device. If mobile security isn’t a problem for your company yet, it will be.
Consider the following recent events:
  • A flaw called “Quadrooter” left more than 900 million Android devices vulnerable to attacks. The code was published online. Google has since patched Android.
  • Pokémon Go became a global phenomenon, but people in regions without the game downloaded it from unauthorized marketplaces, exposing their devices to malicious attacks.
  • Researchers at Binghamton University found that wearable devices and smartwatches can give away PINs and passwords through an algorithm that has 80% accuracy on the first try and 90% after three attempts.
Securing mobile devices is tricky. Android is a fragmented mobile operating system. Security researchers are anticipating more attacks on Apple’s iOS. Employees lose their devices and can be lax with security compliance. Toss in people bringing their own unsupported devices to work and you can see why security executives are stressed.
Now for the good news: These challenges can be overcome. Our previous survey work at Tech Pro Research found that only 12% of companies have been hit by a mobile security breach. There’s still time for businesses to improve their mobile security practices. Yes, mobile devices can be a problem, but like most things in the security world, the issue isn’t necessarily the smartphone, tablet, or laptop. The problem is us. The solution is following security best practices, protecting corporate data, and educating humans — the real weakest link.
In a July report on mobile security, we noted that mobile devices are breached largely because people lose them or don’t practice good security habits (including not applying the latest security updates) — not because of inherently weak security in devices.
Simply put, most corporate mobile security incidents are due to humans failing to follow basic security procedures. Given that reality, mobile security needs to be part of the broader policy and procedure mix.
Tech Pro Research analyst Jack Wallen outlines the following recommendations to shore up security overall and fortify corporate mobile defenses. These recommendations are based on best practices as well as responses to our surveys.
  • Educate employees and upper management. People need to learn how their actions can have consequences. Sessions on protecting corporate data and thwarting social engineering efforts could be useful. Educating upper management is a different task for information technology executives. The education job here is to make sure upper management know how dire security breaches can become. Employees traveling abroad can also become easy targets without security know-how.
  • Continue to invest in systems to encrypt data, protect networks and various endpoints — internet of things sensors, point of sale terminals, mobile devices, etc.
  • Audit networks, retool and continually update security policies, and migrate systems to a more secure provider. These efforts have to incorporate mobile risks from devices in the workplace today, such as smartphones, as well as devices that soon will be, such as wearables.
  • Hire a digital forensics specialist. Of companies with 1,000 employees or more, 41% have a digital forensics expert on staff. These specialists are critical to investigating security issues on all fronts, including mobile. Smaller companies or companies with fewer resources to devote to forensics may find themselves to be easier targets for cyberattacks.
Cybersecurity also involves a heavy dose of individual responsibility. Employees and consumers should follow these best practices, from security firm Kaspersky and TechRepublic, to secure their devices.
  • Set a lock and PIN on your phone.
  • Turn on your phone’s auto-lock.
  • Use container technologies such as Samsung’s Knox, which adds a layer of security to work items and segments them away from personal items.
  • Back up information to cloud services, and store as little as possible on the device.
  • Use basic security common sense, such as ignoring spam email and avoiding downloads that don’t come from an approved app marketplace (Apple’s App Store, Google Play, or a company-specific area).
  • Keep devices close to you and within sight at all times.
  • Use two-factor authentication whenever possible.
  • If your device is lost or stolen, notify your employer right away for remote wiping procedures. For a personal device, Android and Apple’s iOS offer remote wiping features.
  • Avoid unsecure Wi-Fi connections.
  • Keep Bluetooth out of discovery mode when not in use.
  • Encrypt corporate data using the security software your company provides.
  • Connect your smartphone to company networks via VPN connections.

Mobile security is likely to become the next frontier for corporate security executives as exploits and hacks become more creative. Making mobile a regular part of your company’s broader security policy and procedure framework will be critical.
Larry Dignan is Editor in Chief of ZDNet and Editorial Director of ZDNet’s sister site TechRepublic and Tech Pro Research. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CNET News.com. Larry has covered the technology and financial services industry since 1995, publishing articles in WallStreetWeek.com, Inter@ctive Week, The New York Times, and Financial Planning magazine. He’s a graduate of the Columbia School of Journalism and the University of Delaware.
