It is safe to say that our mobile devices have taken over our lives in a big way, with reports indicating that the average British citizen spent at least four hours a day on their mobile devices in 2021. Moreover, mobile devices now make up the majority (55%) of global website traffic, proving how pervasive it is in our lives.
For companies, this is a challenge. With the shift to remote and mobile work taking off throughout the pandemic, our mobile devices have become as essential to our professional lives as they are to our personal lives. Mobile devices — including any Android or iOS device — are powerful little computers, making them increasingly popular for remote work. However, while the mobile device begins to replace, or at least complement the desktop for work and web browsing, it is still more likely that users will treat it as a personal affiliation.
Whether the company runs a “bring your own device” (BYOD) policy or not, a device feels different when you keep it in your pocket at all times. For example, a user may have a different and less guarded state of mind when their phone is in their hand. Their browsing behavior is likely to be different, and the immediacy of message alerts – along with a smaller screen size – can make them more vulnerable to falling victim to cybercriminals.
Unfortunately, this has not lost sight of these cybercriminals. Mobile devices are another end point that they can exploit, and they have developed many innovative approaches to do so.
1) Cross-device social engineering
Cybercriminals have become masters of social manipulation. While the average person is more aware of fraudulent emails on their own, persistent threat actors have begun to associate them with text messages to make emails appear more legitimate on the desktop. This smart technology builds on our growing confidence in receiving critical information via our mobile devices. For example, we are now quite accustomed to receiving notices from the NHS, our banks and a host of other services. Combining the two makes it seem like a more legitimate request and puts the victim’s organization at much greater risk.
2) fake apps
Our mobile devices have become incredibly important tools, due to the large range of applications that are now available to us for download. For cybercriminals, this has created an increased opportunity for data theft through fake apps. Fake apps are designed to look and work just like the original apps to trick users into downloading them; However, they contain malicious code designed to steal data.
Usually, when you install a third-party app, it will ask you to enter sensitive data. Bogus apps take advantage of this to access personal information and passwords, and give them the keys to the kingdom.
3) outdated operating system
Something we’ve seen in the sudden transition to remote work during the pandemic was the lack of control that IT teams had over employee devices. They can no longer force necessary updates. The same is true for personal and professional mobile devices, which often end up running out of old operating systems. This can have several serious consequences, from simply slowing down the process to leaving the device (and the connected network) vulnerable to attack because it generally lacks the latest security software or patches applied.
If a mobile device is already compromised by any of these methods, it may be vulnerable to spyware. Spyware is a form of malware that collects information about a user, such as usernames, passwords, payment information, SMS messages, and emails that they have sent or received. If an employee is using their mobile devices to work, this means that cybercriminals can not only access their personal information, but they can divert their attention to the organization.
Once upon a time, mobile devices were underestimated in many security ecosystems, but companies can’t take these risks anymore. IT teams must take certain measures to protect employees’ mobile devices.
Solution: Ensuring a robust mobile device management and applicable security solution allows you to segregate business data, set policies, scan for malicious apps, and intercept threats. To further raise the level of security, mobile device data storage combined with other cybersecurity solutions provide greater visibility and context for events occurring across your environment.