Securing the mobile enterprise
Companies must continually assess their security systems, tools and policies to make sure they are up to date with the threat landscape, says Simon Campbell-Young, MD of Credence Security.
The rise of the Internet of Things (IoT) is seeing our world and our lives become increasingly connected. Our devices talk to each other and to the Web. We can disarm our alarms and turn off our home lights remotely. We can send money around the world. We can chat to friends and family overseas and look at their holiday photographs, all from a smartphone.
"And each day a slew of new apps, devices and software is on offer, allowing us to do even more on our phones, meaning we are storing more and more private and personal information on our devices," says Simon Campbell-Young, MD of Credence Security.
He says all of us have contacts and other personal information on our friends and family stored on our devices. Most of us conduct banking transactions and have other financial information on our phones. Some of us even store passwords in a file on our mobile devices, and a few of us store medical information and health insurance details too.
"Even though malicious software that targets mobile devices makes up only a fraction of cyber threats each year, it has been growing exponentially, particularly for Android devices," Campbell-Young says. "And it's not only individual users who are in danger. Mobile devices can be used by clever cyber criminals to breach the corporate network."
According to him, savvy hackers don't need to physically get their hands on a device in order to hack it; they can employ unsecured WiFi networks, phishing attacks, malicious applications, and other vulnerabilities in the device's operating system to achieve their goals.
He adds that although device manufacturers have done a fair bit to improve security on their products over the last few years, it's not enough to stay ahead of clever threat actors. "However, there are several steps individuals can take to protect themselves, starting with running all updates on operating systems and applications. As soon as a vulnerability is discovered, vendors immediately work towards patching their applications and software, so update as soon as humanly possible."
Another way to protect yourself from mobile threats is to avoid connecting to unsecured WiFi networks in the first place. Make sure the 'connect automatically' function is turned off, and try to avoid connecting to public hotspots. "If you need to use public WiFi, then you should consider setting up a VPN to make sure any data you send and receive online is safe."
He also advises users to check app permissions before downloading the app. "Some apps ask for far wider permissions than they could possibly need. Why would an exercise tracker need access to your contacts and camera, for example? Make sure that applications only have access to the features and functions they strictly need to perform their function."
For organisations, having a good bring your own (BYO) policy in place is crucial. "Ensure that your employees that use their devices to conduct company business have a good anti-malware solution installed. This can ensure the device can be locked or wiped remotely, in the event of loss or theft. Some solutions also offer containerisation to keep business data separate. In addition, make sure all employees make use of a password, pattern or biometric [solution] to access their devices, and have a clear policy on authorised applications."
Today, mobile devices such as laptops, tablets, smartphones and wearables are a popular vector for hackers to find their way on to your network. "Ensuring that your BYO environment is safe means that organisations must continually assess their security systems, tools and policies to make sure they are up to date with the threat landscape," Campbell-Young concludes.