Mobile is becoming an increasingly important part of the way your business operates, which introduces new security risks. Changes in mobile computing, including the explosion of apps, the rise of tablets, and BYOD policies have increased threats even more and require an urgent response from your business to prevent damage.
Where do the threats come from?
Unsecured Access Points
Being able to connect anywhere at any time is the biggest strength of mobile devices, but it's also their greatest weakness. Many of the access points are open and vulnerable to attack, exposing users to a full range of invasive attacks.
Unapproved, Vulnerable, and Fake Apps
Another tool that makes mobile computing so attractive is the ability to customise functionality with micro-software apps. Unfortunately, the downside of this is that apps also create risk. When an employee adds unapproved apps to their device, it always creates uncertainty about security.
Many legitimate apps promise security, but few are able to live up to their promise and others introduce vulnerabilities that are often unknown until they're exploited. And perhaps as much as 1 per cent of apps Google Play are copycat fakes that have been modified to steal data. Free apps are especially vulnerable, with perhaps 79 per cent of the top 50 free apps associated with risky behavior or privacy issues.
Unlike your office computers, you don't keep mobile devices under lock and key. They are out in the world where they can be lost or stolen, which means that anyone who has them can now access everything your employee could.
So what's the damage?
Stolen information is the biggest target in mobile threats according to Symantec. Anything stored on the mobile device may be vulnerable, but the easiest target is material transmitted using an unsecured hotspot.
Many websites transmit user names and passwords in plain text, which makes them vulnerable to anyone who may be monitoring. Malware may also monitor the movements and usage for the device, which can expose additional information over the long-term.
Customer data as well as company data may be at risk, and exposing confidential data may damage your company's reputation and expose you to legal liability, especially if the information is protected by HIPAA or similar laws.
Toll fraud, the primary focus of Lookout's threat assessment, is when a device is infected with malware that makes it send text messages to premium numbers, resulting in charges. Depending on the target, this may result in hundreds of dollars in fraudulent tolls.
Loss of Productivity
Many times malware will interfere with the function of the mobile device, making it significantly less productive. Numerous invasive ads can slow down the device or interfere with the user, and make it more likely that a user will accidentally encounter additional malware.
How to protect yourself
People are going to be the weak link in any security solution. Make sure your employees all understand the risks of mobile device use, know how to identify secure and unsecure hot spots, and know what to look for in fraudulent and malicious web sites, emails, and apps.
Create Clear Policies
The next step after education is the creation of clear policies that set limits on risky behaviors with devices that access your network. Make it clear what is allowed and what is not, and make the consequences of noncompliance clear.
Implement Mobile and Cloud-Based Protections
Next, make sure you have installed adequate protections such as mobile and cloud-based security tools that can reduce the risk of your mobile devices. Zero day threat protection is a good feature to have to ensure you are protected against emerging threats.
Finally, make sure that employees only have access to the data they need to do their job. They can't compromise information they don't have.
You Can Be the Law
There are many new and emerging threats associated with mobile computing, but there's no reason to let chaos reign. Being aware of the threats and acting appropriately will establish order in your mobile environment and protect your company from risks.
Matthew Candelaria is a network and enterprise security critic, as well as a cloud computing expert and commentator. He currently resides in Denver, CO.