Cybersecurity breaches can have disastrous results for companies, with research finding that 41% of consumers will never return to business following a compromise of its data. A further 44% will stop spending money with these companies for at least several months afterward. Both scenarios create a significant loss in revenue—the average cost of a corporate data breach is $3.86 million—and the desertion of long term customers is a particularly painful blow for the companies affected.
Although businesses are increasingly tightening up their in-house cybersecurity measures, employee mobile devices are often overlooked as a target for cybercriminals. People are using smartphones much more than they use their computers, meaning they often yield a bigger reward for hackers. As such, it is imperative that your own company is preventing any threats to corporate mobile security. Here are three ways you can look to bolster cybersecurity, particularly in the case of mobile devices:
- Prevent data breaches with MTD solutions
Data breaches via employee mobile devices—whether these are personal or work devices— are a particularly pronounced problem. With more people than ever using mobile phones for work tasks, employees are often guilty of making misguided decisions about how they use company data.
For example, as there is limited storage capacity on a smartphone, many employees may store apps and files in a public cloud, which a company has no control over. As illustrated by the hacking problems faced by the iCloud, the cloud is by no means secure and can render company data susceptible to leaks.
To prevent employees from accidentally leaking data, you should first and foremost employ a mobile security awareness training program, emphasizing the importance of being careful with company information. Highlight the ways in which they could be putting your data at risk, and how they can avoid doing so.
But while security training is important, it’s only half the battle. Business owners should take the protection of data into their own hands. Perhaps the best way to do this is via a mobile security solution, such as mobile threat defense (MTD), mobile threat management (MTM) or mobile threat protection (MTP). Such solutions can, as explained by mobile security company Wandera, prevent rogue file sharing from employees carelessly using unsanctioned cloud storage services, even within the browser. As such, MTD technology can make sure that employees only use authorized cloud services, thus providing an extra layer of security.
- Help employees avoid falling victim to social engineering
91% of successful cyber-attacks begin with emails. Social engineering tactics have the potential to bypass many security defenses, offering cybercriminals unrestricted access to mobile devices and valuable data. These are non-malware attacks where criminals deceive individuals into clicking hazardous links or sharing personal information. Phishing is a particularly prominent form of social engineering, with over 137 million attacks in the third quarter of 2018 alone.
Social engineering is particularly lethal for mobile devices when compared with computers. The line between work and personal computing is blurring, and more people than ever are viewing multiple email inboxes on their smartphones at once, receiving personal correspondence alongside work-based emails.
To protect against the threat of social engineering, enroll your staff in a phishing awareness course to help your team understand what it is and how to spot it. There are also phishing simulation tools available, including Google’s own test, which test your staff’s resistance to phishing attacks. Analyzing how vigilant your employees are to these threats will help you decide if any further training is required.
- Prevent Wi-Fi hacking on public networks
An employee’s phone is only as secure as the networks they use, and with more of us using public Wi-Fi, company data can be put at risk. Public Wi-Fi is notoriously unsafe and makes it easy for hackers to gain access to information through methods like Evil Twin AP attacks. Here, hackers use the same SSID name as the authentic access point. Since devices aren’t designed to distinguish between SSID names, users mistakenly connect to the cybercriminal’s network instead, allowing them to access private data.
Again, it is advisable that you increase employee awareness about the risks of public Wi-Fi, encouraging them not to connect to suspicious networks when accessing sensitive data. It is also a good idea to invest in VPN apps for staff, which enable them to securely access a private network and share information remotely through public networks, minimizing the risk of devices being hacked.
