Manage the Information Security Risks of Mobile Devices
With Covid-19 restrictions came the increase in working from home. Now as those restrictions ease, many employees will continue to work from home. Mobile devices are a key element of any hybrid work or remote work strategy, and they present information security risks that businesses need to address.
One key source of risk is outdated mobile operating systems. Businesses have a hard time keeping up with patches for desktop devices, and employees have low motivation to install the latest update on their own phone. Yet even having a brand-new device with the latest software isn’t enough to ensure safety. Smartphones have been sold with malware already installed on them.
Other mobile device risks businesses need to address include:
Almost every phone app collects data about the phone and the user, much of it personally identifiable information. Not only can the data put the user’s personal accounts at risk, it also can reveal their employer and be used to attempt hacks against their work-related accounts.
Public WiFi networks leave devices vulnerable to snooping, man-in-the-middle attacks, or to having malware installed. When employees need to use WiFi to connect to corporate networks, they use should use a VPN—even if they’re connecting from their home network, which may not be secure.
Even apps downloaded from the official app stores can be infected with malware that can spy on users or steal data. These risks can be minimized by requiring users to download business apps from company-managed app stores.
Mobile devices are intended to be easy to use. As a result, they often aren’t secure. Users may not have strong passwords, messages—potentially displaying confidential business data—may display on lock screens, and stored data may not be encrypted. Some users may jailbreak their device, which can disable built-in security controls.
Insecure Operating Systems
Even if users have updated their phones to the latest operating system, that doesn’t mean they’re secure. Because Apple controls the iPhone’s operating system, there’s less risk, but Android operating systems come in many varieties from many vendors and there’s a bigger chance that patches are not included.
The small screen of a mobile device makes it harder for users to verify the sender of a message or view the full details of the link they’re about to click. This makes them more vulnerable to phishing.
Many of these risks can be reduced by using mobile device management to control which mobile devices are able to access the network and what users are able to do once they’re connected. Prescient Solutions’ mobile support services include complete support including provisioning, security, and user support to ensure that your mobile device users are able to connect reliably and compute safely.
Contact Prescient Solutions to learn more about how to leverage mobile devices to increase remote work productivity while minimizing mobile device threats to information security.