It’s safe to say our mobile devices have taken over our lives in a big way, with reports saying that the average Brit spent at least four hours a day on their mobile device in 2021. What’s more, mobile devices now account for the majority (55%) of global website traffic, proving how pervasive they are in our lives.
For businesses, this represents a challenge. As the shift to remote and mobile working took off throughout the pandemic, our mobile devices became as essential to our professional lives as they are to our personal lives. Mobile devices – including any device that runs Android or iOS – are powerful mini-computers, making them increasingly popular for working remotely. Yet, while the mobile device is starting to supplant, or at least supplement, the desktop for work and web browsing, users are still likely to treat it as a personal belonging.
Whether or not a company operates a “bring your own device” (BYOD) policy, a device feels different when you keep it in your pocket at all times. For example, a user might have a different, less-guarded frame of mind when their phone is in their hand. Their browsing behavior will likely be different, and the immediacy of messaging alerts – coupled with a smaller screen size – can make them more likely to fall foul of cyber-criminals.
Sadly, this hasn’t escaped the attention of those cyber-criminals. Mobile devices represent yet another endpoint for them to exploit, and they’ve developed several innovative tactics to do so.
1) Cross-Device Social Engineering
Cyber-criminals have become masters of social manipulation. While the average person is more perceptive to phishing emails on their own, persistent threat actors have begun to couple them with text messages to make emails seem more legitimate on the desktop. This clever technique leans on our growing trust for receiving critical information via our mobile devices. For instance, we are now quite accustomed to receiving notifications from the NHS, our banks and a host of other services. The combination of the two makes it seem like a more legitimate request and puts the victim’s organization at a far greater risk.
2) Bogus Apps
Our mobile devices have become incredibly important tools, much down to the vast range of apps now available for us to download. For cyber-criminals, this has created a growing opportunity to steal data through fake apps. Fake apps are built to look and function just like genuine apps to trick users into downloading them; however, they contain malicious code designed to steal data.
Ordinarily, when you install a third-party app, it will ask you to input sensitive data. Bogus apps leverage this to get access to personal information and passwords, giving them the keys to the kingdom.
3) Outdated OS
Something we saw with the sudden move to remote working during the pandemic was the lack of control IT teams had over employee devices. No longer could they force necessary updates. The same is true of personal and professional mobile devices, which often end up running out of date operating systems. This can have several severe consequences, from simply slowing down operation to leaving the device (and the connected network) vulnerable to attack as they generally lack the latest security or applied patches.
If a mobile device has already been compromised through any of these methods, it may be susceptible to spyware. Spyware is a form of malware that gathers information about the user, such as usernames, passwords, payment information, SMS messages and emails that they’ve sent or received. If an employee uses their mobile device for work, it means that the cyber-criminals not only have access to their personal information but can turn their attention to the organization.
Once, mobile devices were under-emphasized in many security ecosystems, but businesses can’t afford to take this risk any longer. IT teams must take certain measures to protect employee mobile devices.
The solution: Ensuring you have a strong mobile management and security solution in place enables you to segregate business data, set policies, scan for malicious apps and intercept threats. To further elevate the security posture, storing mobile device data alongside your other cybersecurity solutions delivers greater visibility and context into the events taking place across your environment.