User Behavior Creates the Biggest Mobile Security Risks
You can’t abolish your biggest mobile security risk, because it’s the people who use the mobile devices. Human nature can cause many problems:
People fall for flattery, people fall for requests for help, people fall for claimed social connections, people fall for all kinds of insincere requests, including phishing messages. This behavior isn’t limited to mobile devices, but the social nature of the devices combined with small screens make it harder to check out the bonafides of messages. As a result, users are more likely to respond to phishing messages and accidentally reveal account ids, passwords, and other sensitive data.
Desktop PCs stay on the desk. Mobile devices travel with their owners, until they don’t: careless or rushed travelers can easily leave mobile devices behind in the cab, restaurant, or wherever they were being used. Once the mobile device is lost, all of the data stored on it is at risk.
Safe computing requires using strong passwords and staying up to date with operating system versions. Human nature means we prefer short passwords and don’t always bother applying patches. Both behaviors can expose mobile devices to risks.
Mobile devices can be expensive, so employees may prefer to keep using older models with known security vulnerabilities instead of upgrading to the latest secure model. They may prefer to use free, insecure Wi-Fi, instead of spending for cellular data.
The point of mobile computing is to let employees use their own devices, tailored to their preferences. That means the devices may be filled with unsafe apps, or may be jailbroken, defeating many of the built-in security mechanisms.
Mobile phones aren’t professional devices, not entirely. Employees mix the personal with professional—that’s the point of allowing BYOD. But it also means employees may not maintain professional standards of conduct on their phones at all times, and more casual consumer attitudes towards security may at times mean treating business security on mobile devices casually, too.
Malware succeeds through deception. Dangerous software enters your network attached to innocent-appearing documents. Phishing emails pretend to be legitimate notifications or requests from genuine businesses. Employees can be deceptive, too; one of the biggest threats to information security comes from insiders. Because mobile devices aren’t as tightly controlled as desktop computers and because they allow access from anywhere, they potentially provide malicious insiders with more access to sensitive data.
Human nature means mobile computing will never be 100 percent secure, but there are things you can do to decrease the risks. Start by defining mobile policies, train users to computer safely both in the office and on the road, and use mobile device management software to increase security. Prescient Solutions mobile support services help you integrate mobile devices into your IT strategy while enhancing the security of your data. Contact us to learn more about how to protect your IT systems from the foibles of workers using mobile devices.