Whether as a perk or a way to accommodate employee desires to work remotely,company-issued mobile phones and laptops are becoming increasingly commonplace.These are often provided at considerable cost to a business—£270 per employee per month, according to one study—yet only 11% of businesses take more than one basic measure to protect their mobile networks.
A recent study has shown that corporate data breaches, made all the more easy by the widespread use of company mobile phones, cost businesses nearly £6.1 million last year in total, a figure which has risen year on year. With 1.7 million incidents of cyber crime recorded by the ONS in the twelve months between April 2017 and March 2018 alone, the problem doesn’t look set to go away any time soon.
How to improve corporate mobile security against any threat
First and foremost, company-owned devices should be protected with cyber security software as a first line of defence. Mobile security specialists Wander a note that the best solutions takes three steps to protect devices: detecting, preventing and then containing any cyber threats. Making use of these programs can catch any threats before or as they happen, saving a business’s devices—and as a result vital internal networks—from external corruption, viruses and malware.
Beyond technical measures, businesses can themselves formalise a company-wide mobile threat defence policy. Many businesses have started investing in training courses to help staff recognise suspicious looking emails—though as one recent episode of the Reply All podcast made clear, that may not be as easy as it sounds. Similarly, making sure that staff register all devices with management for insurance purposes, as well as protecting devices with at least one unique password (which is regularly changed) will go a long way to keeping business-owned tech safe.
Three major mobile security risks to a business’s confidential data
Phishing is a way of illicitly obtaining private information through carefully-designed messages which look legitimate—as noted above, suspect emails are all too easy to miss. After clicking a link in an email and entering their details as requested, a user has effectively surrendered their personal information to an unknown hacker.
When it comes to company data, the consequences can be even more severe. A recent Mashable report noted that phishing scams are on the rise, and as technology evolves, so too do these attacks. New variants including smishing—text message based phishing—which is using the increased technological capabilities of mobile devices to catch users off guard.
One of the main reasons cited for corporate-issued mobile phones is to prevent company data from finding its way to staff-owned devices, which are just as susceptible to external attacks. However, while some businesses operate a bring your own device, or BYOD, policy, the reverse—letting staff use their company devices for personal matters—poses an equal risk. For one thing, all data accessed on a company-owned smartphone becomes the property of the company, including any malware,viruses or hacks suffered. Consequently, while there is some controversy over the privacy rights employees have, it should discourage them from conducting any non-work business on company phones.
Computer Weekly recently noted that remotely accessing a company network through a virtual private network (VPN) is becoming a much more frequent way for staff members to interact when they aren’t all based in the same office. VPNs are often touted for their flexibility and convenience,offering a secure network which allows participants to sign into an encrypted connection, no matter where they are located. However, anyone using them on public connections can leave the entire network vulnerable and exposed to outside interference if they aren’t careful. Wired have more information on choosing the most appropriate VPN for your business’s needs.