The number of threats to mobile users is on the rise, as cybercriminals work to leverage the new ways that people are using mobile phones to move money and make purchases. Worse, the average small and midsized enterprise (SME) has done little if anything to defend itself against the threats that mobile devices are posing to its networks.
“You can’t defend against threats you don’t understand,” David Jevans, CTO and founder of Marble Security, told us. “Hackers know mobile devices are the weak point, and that is where they are attacking.”
Ignorance of the threats is the biggest challenge facing most SMEs, he said.
SMEs are under tremendous pressure from employees to allow them to bring their own devices. Organizations may try to buy devices, completely lock them down, and control the applications. It is not enough to stay secure in the BYOD environment.
Since it is nearly impossible to stop users from bringing mobile devices into the organization, smart IT leaders will follow a handful of basic rules.
Ban rooted or jailbroken devices
Jailbreaking kits are becoming more sophisticated, making jailbroken phones harder to spot. The best type of defence is adding an access system that uses an on-device app to authenticate the phone, Jevans said.
Stay attuned to malicious apps
“You have to be able to scan for them to see if they are on the user’s device and restrict them somehow. And you need to have a remediation strategy.”
Watch for legitimate apps that leak private information
Even useful and legitimate apps may leak information. For example, the app may upload the user’s address book to the server for other uses, creating a huge risk for the organization. Often, the app asks for permission, but users may rush through and give permission without considering the risk.
Beware of SMS interceptors
Cybercriminals are using SMS interceptors within applications to monitor incoming and outgoing text messages for private information. This type of exploit is used mainly to gather banking credentials.
Stay wary of unsecured WiFi
Sidejacking (i.e., sniffing network traffic to steal sessions and take over accounts) is becoming commonplace. Organizations should require users to connect over a corporate virtual private network (VPN) when using a wireless network.
Protect against DNS trouble
When mobile users connect over WiFi, the domain name service (DNS) connects the users to servers wirelessly. Cybercriminals use a variety of networks to leverage these services to steal credentials. “Your VPN or VPN service needs to provide trusted DNS service.” In addition, users should be warned to take certificate errors seriously.
Teach users about spear phishing.
As more users access email through mobile devices, spear phishing becomes increasingly common on the mobile platform. The small screen and the lack of web filtering on a mobile device make it easier to miss a suspicious link, Jevans said. In addition, users check their email more often when they have mobile devices. For cybercriminals, it’s a recipe for more successful spear phishing.
Mobile devices are likely to be part of the corporate landscape at organizations for all seasons. SMEs need to take the time and effort to invest in technologies, create policies, and conduct training to make users aware of the threats targeting mobile devices.
Free Download: The Video Surveillance Report 2023
Discover the latest developments in the rapidly-evolving video surveillance sector by downloading the 2023 Video Surveillance Report. Over 500 responses to our survey, which come from integrators to consultants and heads of security, inform our analysis of the latest trends including AI, the state of the video surveillance market, uptake of the cloud, and the wider economic and geopolitical events impacting the sector!
Download for FREE to discover top industry insight around the latest innovations in video surveillance systems.
