As coronavirus has more employees working remotely, the security of BYOD devices is increasing in importance. Businesses must take steps to ensure appropriate controls are applied to mobile devices to protect the data on them and prevent unauthorized connections to company networks systems.

Mobile Device Vulnerabilities

Mobile devices have a number of vulnerabilities:

Easily lost or stolen

It’s unlikely a hacker will be able to remove a server from your data center, but a cell phone, tablet, or laptop is easily left behind in a restaurant or appropriated by a pickpocket. Once the device is lost, so is any data on it, unless it’s protected by strong passwords and encryption. In addition, data on the device can be stolen even without losing the device, if a bad actor simply stares over your employee’s shoulder.

Insecure configurations

End users are the security admins for their phones, but they don’t have the training needed to ensure secure configurations. They may disable passwords, turn off encryption, and download dangerous apps from unverified sources.

Insecure networks.

Mobile devices are most often used over Wi-Fi. If used in a public place, it’s easy to accidentally connect to an unsecured Wi-Fi network and potentially expose all communications. Devices on these networks are also vulnerable to having malware installed.

Unreliable users.

The weakest link in IT security is always the end user. Mobile devices magnify this impact, because the small screens make it harder to verify that URLs and email addresses don’t have subtle typos indicating a phishing attack.

Mobile-specific attacks.

The text messaging capability of mobile devices leaves them vulnerable to SMS-based attacks. These include phishing attacks that, combined with phone number spoofing, can trick employees into revealing sensitive information.

Protecting Against Mobile Security Threats

Because users change their devices relatively frequently, the best way to protect against mobile security threats is to focus on mobile user identity management. Having controls such as passwords and encryptions on devices is important, but it’s just as important to focus on backend controls. By knowing where users commonly access systems from, you can use rules to appropriately grant or deny access without needing to know the specifics of the device being used. Manage privileges at the user level rather than the application level as well, to ensure that users only access functionality appropriate to their business role.

Prescient Solutions offers complete information security and mobile support services, ensuring businesses in Chicago and Schaumburg organizations protect their data wherever their users are located and whatever device they are using. Contact us to learn more about empowering and protecting your mobile device users.