Less than a decade after the debut of the smartphone in 2007, more people used mobile devices than computers to access the internet for the first time.
In the 12 years (yes, that’s all!) since the first iPhone landed in our hands, mobile computing has grown by leaps and bounds. It’s become woven into our lives.
As a result, remote work and virtual teams have become the new norm in the modern workforce. Workers — both employees and independents — are more likely to work on laptops, smartphones, tablets, and other Internet of Things (IoT) devices than desktop computers.
And not just for phone calls, email, and web browsing. Your smartphone now needs to help you get actual work done: docs, spreadsheets, presentations, meetings, and much more.
… it can. And this has made possible a fantastic degree of flexibility, mobility, independence, and creativity.
But it has also created a wide range of hitherto unknown threats to business data, personal privacy, and the devices themselves, not to mention the networks that connect them.
In this post you’ll learn 10 things you can do to improve your mobile security. But first, an introduction to why securing your devices is a different kind of challenge.
The Growing Challenge of Mobile Security
“Mobile security is at the top of every company’s worry list these days — and for good reason,” writes CSO Online.
And with more people working outside the traditional office, using their mobile devices, IT professionals agree that the risks are growing.
In fact, “33% of companies admitted to having suffered a compromise involving a mobile device and the majority of those affected said that the impact was major,” according to one recent survey.
According to another, nearly two-thirds of IT professionals “are doubtful that their organizations can defend against a mobile cyberattack.”
More and more, remote workers and employees alike are using their own devices instead of company-issued ones. This compounds the problem of “IT consumerization” — using the same devices for both business and personal.
In short, mobile devices are vulnerable to risks that don’t always apply to office-bound desktop computers. Company IT departments face the challenge of protecting sensitive business information on devices they didn’t procure, can’t control, and don’t always know where they are.
A Different Kind of Threat
“People tend to look at mobile security threats as an all-encompassing threat. But the truth is, there are different types of mobile security threats to be aware of,” according to the security firm Auth0.
In 2017, McAfee Labs reported a phenomenal 16 million mobile malware incidents (PDF) during the previous decade.
And yet, for all the sensation around it, malware is not even the main problem. Thanks largely to safeguards built into mobile operating systems, mobile malware infections are relatively uncommon.
Perhaps a bigger mobile security problem is all those people who simply lose their phones. Indeed, IT professionals cite “device loss” as one of their top three perennial concerns.
The small size of mobile devices makes them more vulnerable to loss and theft. With direct access to the hardware, hackers can more easily break in to steal private or company data.
Incredibly, many people still don’t lock their devices with a PIN, password, thumbprint, face scan, or anything else.
Types of Mobile Security Threats
“Due to the nature of how mobile devices function, they tend to have unique vulnerabilities when compared to desktops and servers,” according to DZone.
Here are the major mobile security threats you need to guard against:
Many apps that you download may seem cool and even legit. But day after day brings new reports of in-app spyware tracking your location or purchases, or accessing data the developer promised not to access.
“One problem is mobile apps that request too many privileges, which allows them to access various data sources on the device,” reports Tech Target. Many apps are connected to advertising networks, turning your location, contacts, and browsing history into valuable assets for app developers.
Along with loss and theft, IT professionals name this kind of “data leakage” as one of the biggest problems of all. And it’s not always caused by malicious actions, but through simple, unwise or unaware decisions made by users. Like installing a cool app.
Or “something as simple as transferring company files onto a public cloud storage service, pasting confidential info in the wrong place, or forwarding an email to an unintended recipient,” according to CSO Online.
Malicious sites may seem fine on the surface, but while you’re visiting, they’re busy downloading harmful content onto your phone or tablet. This is one risk they share with desktops.
Unlike your desktop computer at the office, your mobile devices are exposed to a large number of wi-fi and cellular networks throughout the day. The public wi-fi in your favorite coffeehouse, library, hotel lobby, or co-working space may not be secure enough, an easy target for cybercrooks stealing unencrypted data from the airwaves.
Some makers of IoT devices are notoriously bad about updating their operating systems, especially Android devices. The Internet of Things represents a gaping hole in the security landscape. Outdated operating systems (like apps) are vulnerable to newer malware and viruses.
It’s 2019, folks. Why are you still using your birthday as a password? People often use the same passwords for multiple logins, or for both personal and business logins (IT consumerization), or both. If one is compromised, so are all the others.
Phishing scams and other trickery are no less common on mobile devices than desktops. On the contrary, mobile scams may be even more problematic. Again, IT consumerization makes a bad problem worse.
According to a 2011 study, users are three times more likely to fall for a phishing scam on their phone or tablet than their computer. A whopping 91 percent of malware comes through email, and mobile devices are where people tend to check email first thing in the morning, last thing before bed, and all throughout the day.
10 Ways You Can Improve Your Mobile Security Today
1) Use stronger passwords.
Don’t reuse passwords on multiple accounts. Use two-factor authentication where it’s available. A password manager like 1Password or LastPass facilitates more complex passwords, and stores them so you don’t have to remember. It can even help by highlighting accounts with re-used passwords or where two-factor authentication is available.
2) Scan for malware.
A mobile security solution should be able to scan your devices both continuously and on-demand. It should also scan connected USB devices to prevent them from infecting your phone or tablet. This can guard against malicious websites.
3) Use anti-theft measures.
Location detection can help you find a lost or stolen device. Fancy versions use the front and back cameras to show you where your device actually is — and who has it. Some can send a message to your missing device so that an honest finder can return it.
4) Install a mobile security app.
Choose a mobile security app and make it company requirement that employees download it onto their devices. Companies like Bitdefender, Norton, and Avast make consumer and business mobile security solutions that are well-regarded, low cost, and frequently updated with new virus descriptions and other improvements.
5) Implement a device loss policy.
Make sure employees know what steps to take should their device be lost or stolen. Most can delete or transfer data remotely so it doesn’t fall into the wrong hands.
6) Keep OS and installed apps up to date.
Incremental updates not only fix bugs and add functionality, but update security features and patch vulnerabilities.
7) Beware of downloads.
Download apps only from official storefronts like Apple’s App Store or the Google Play Store.
8) Connect only to secure wi-fi networks.
May not always be possible, but “always on” scanning (#2 above) can help in those situations.
9) Keep your phone and tablet locked.
Passwords, PINs, fingerprints, face ID — device makers are always working to stay ahead of the cybercriminals.
10) Educate your company or team.
Make mobile security a regular part of your company’s discussions so that it become standard practice.
Drop us a line to learn more about mobile security and how you can protect your business at the edge of computing.