Journalist

Author Bio ▼

Hailey Lynne McKeefry has spent more than 23 years writing about technology and business. She began her career as an editor at such periodicals as Macintosh News, EBN, and Windows Magazine. After more than 16 years as a freelance journalist, she has written about a broad variety of technology topics, with a focus on security, storage, healthcare, and SMBs. Living in the heart of the Silicon Valley, Hailey has written for many top business-to-business publications and Websites including Information Week, CRN, eWeek, Channel Insider, Channel Pro, Redmond Channel Partner, Home Office Computing, and TechTarget. She graduated from the University of California at Santa Cruz with a BA in literature.
June 3, 2013

Download

Whitepaper: Enhancing security, resilience and efficiency across a range of industries

Top 7 Mobile Device Threats for SMBs

The number of threats to mobile users is on the rise, as cybercriminals work to leverage the new ways that people are using mobile phones to move money and make purchases. Worse, the average small and midsized enterprise (SME) has done little if anything to defend itself against the threats that mobile devices are posing to its networks.

“You can’t defend against threats you don’t understand,” David Jevans, CTO and founder of Marble Security, told us. “Hackers know mobile devices are the weak point, and that is where they are attacking.”

Ignorance of the threats is the biggest challenge facing most SMEs, he said.

SMEs are under tremendous pressure from employees to allow them to bring their own devices. Organizations may try to buy devices, completely lock them down, and control the applications. It is not enough to stay secure in the BYOD environment.

Since it is nearly impossible to stop users from bringing mobile devices into the organization, smart IT leaders will follow a handful of basic rules.

Ban rooted or jailbroken devices
Jailbreaking kits are becoming more sophisticated, making jailbroken phones harder to spot. The best type of defence is adding an access system that uses an on-device app to authenticate the phone, Jevans said.

Stay attuned to malicious apps
“You have to be able to scan for them to see if they are on the user’s device and restrict them somehow. And you need to have a remediation strategy.”

Watch for legitimate apps that leak private information
Even useful and legitimate apps may leak information. For example, the app may upload the user’s address book to the server for other uses, creating a huge risk for the organization. Often, the app asks for permission, but users may rush through and give permission without considering the risk.

Beware of SMS interceptors
Cybercriminals are using SMS interceptors within applications to monitor incoming and outgoing text messages for private information. This type of exploit is used mainly to gather banking credentials.

Stay wary of unsecured WiFi
Sidejacking (i.e., sniffing network traffic to steal sessions and take over accounts) is becoming commonplace. Organizations should require users to connect over a corporate virtual private network (VPN) when using a wireless network.

Protect against DNS trouble
When mobile users connect over WiFi, the domain name service (DNS) connects the users to servers wirelessly. Cybercriminals use a variety of networks to leverage these services to steal credentials. “Your VPN or VPN service needs to provide trusted DNS service.” In addition, users should be warned to take certificate errors seriously.

Teach users about spear phishing.
As more users access email through mobile devices, spear phishing becomes increasingly common on the mobile platform. The small screen and the lack of web filtering on a mobile device make it easier to miss a suspicious link, Jevans said. In addition, users check their email more often when they have mobile devices. For cybercriminals, it’s a recipe for more successful spear phishing.

Mobile devices are likely to be part of the corporate landscape at organizations for all seasons. SMEs need to take the time and effort to invest in technologies, create policies, and conduct training to make users aware of the threats targeting mobile devices.

Free Download: The Video Surveillance Report 2023

Discover the latest developments in the rapidly-evolving video surveillance sector by downloading the 2023 Video Surveillance Report. Over 500 responses to our survey, which come from integrators to consultants and heads of security, inform our analysis of the latest trends including AI, the state of the video surveillance market, uptake of the cloud, and the wider economic and geopolitical events impacting the sector!

Download for FREE to discover top industry insight around the latest innovations in video surveillance systems.

VideoSurveillanceReport-FrontCover-23
Subscribe
Notify of
guest
7 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
BryanD
BryanD
June 3, 2013 7:41 am

 
A very good article Hailey. Cybercrime on Smartphones and Tablets is exploding. Our company, Venom UK,  has just launched a mobile security product which gives full protection against all these issues. It’s called DataGard and has been specifically developed for Smartphones and Tablets (both IOS and Android) by the security specialists OC Shield. It’s a subscription product which costs about $4.00 per month and uses a free app to install so it’s incredibly simple to use for professional level protection.  http://www.datagardmobile.com/
For further information please contact.
Bryan Davies, Chief Executive Officer, VenomTek (a division of Venom UK)
[email protected]
http://www.venomuk.com

JonathanL
JonathanL
June 3, 2013 9:28 am

Jail breaking of phones is a controversial practice but has been found in the states to not be illegal.  Some would have you believe that by jail breaking a phone you can enjoy some perks that are denied to you by the company that locked it down however while some times the phone’s abilities are locked down to get you to buy deeper into a service with the provider many are locked down for your security and protection.  Its learning the difference between the two that consumers should focus on.  

batye
batye
June 3, 2013 11:08 am
Reply to  JonathanL

could not agree more jail broken devices do present security threats and a lot of the customers do overlook this but at the end security get affected on the long run…

gbrown
gbrown
June 4, 2013 12:07 pm
Reply to  JonathanL

True . there are other sofware to help safeguard data on our mobile devices like tablets and mobile phones. Most of these anit virus companies are currently offering anit virus and other security ptoctective sofware for portable devices

Hailey Lynne McKeefry
Hailey Lynne McKeefry
June 4, 2013 2:07 pm
Reply to  JonathanL

, jail breaking is quite controversial. I think most users are under-informed about how the practice opens the device up to security failures. From a corporate perspective, these devices really do need to be blocked from the network.

Hailey Lynne McKeefry
Hailey Lynne McKeefry
June 4, 2013 2:09 pm
Reply to  gbrown

, and many AV companies offer free versions of their products. For organizations and userst that want basic protection, these can be a good option. When you buy an AV product, you are paying for the most sophisticated control, but they all use the same signature files whether paid or free. The security industry is unique in that many companies and researchers share information with each other… in a sort of “fox hole friends” approach to the war against crime. The end result is a better result for the end user.

gbrown
gbrown
June 5, 2013 7:52 am

@Hailey I completely agree to that ”  The end result is a better result for the end user” when end user needs are met with satisfaction