Your Mobile Device is a target! And here’s why…
It’s no surprise that in the last few years, the amount we use our mobile devices (smartphones and tablets) has significantly increased. I know from looking at my iPhone’s screen time stats that I spend a significant amount of the day using all the great apps and tools that help me navigate a busy day and be productive. In the last couple of years, the global internet browsing ratio has tipped into the favour of smart devices, and no longer on the traditional PC which sits behind a firewall, with Anti-Virus and strict corporate policies.
But when you’re busy, you can fall victim to the many cyber security threats that lurk in our everyday lives.
It’s unfortunate, but there are malicious actors who have become very clever in finding new and inventive ways of tricking a busy mobile user into being hacked, or leaking their confidential information. This can range from seemingly harmless personal data, to very confidential personal data such as bank details, credentials, location, health information, and maybe information about our loved ones. The corporate data that coexists on our devices is also at risk. These days as individuals, we have so much content on our devices, that much of it could be used against us, or our employers.
A few of the top mobile threats are listed below, and this is just the tip of the iceberg:
- Data Leakage – Be very careful about what Apps you grant permission to your data. All apps, even those that are in the official App Stores can send your information and/or information you have access too to remote servers in the background without any need for further permission requests and persist across account changes. Not necessarily always a bad thing but if the app is a bad actor your data could be used in cybercrime!
- Un-Secured Wi-Fi – Free Wi-Fi may sound like a great idea, but be very careful, is it really your cafés Free Wi-Fi you’re connecting to? It may be someone running a Wi-Fi hotspot in the restaurant with the same SSID and just waiting to strip your banking or credit card details.
- Network Spoofing – These are again fake Wi-Fi networks setup by hackers to steal your personal details. They may even have a landing page, that requires you to login in using an email address and password. They can track your every move and in many cases, the email and password you just used, may be the same details you use for other accounts. Voila, your accounts are now compromised.
- Phishing Attacks – Two thirds of all hacks are initiated via email phishing. These attacks work very well on mobile device users, as email apps tend to display less information so it’s not as quick and easy to see more info about who sent the email or where that link actually goes. If an email doesn’t look quite right, maybe wait until your back in front of your computer to verify it.
- Spyware & Malware – Just as the name says, it can track your movements, location data, and activity. These are sneakily downloaded either via phishing attacks or malicious code or a link you clicked on.
- Poor Cryptography – This is something which your average user won’t have a chance to identify. It’s basically poor encryption or vulnerable coding in the apps you use that can lead to hackers tapping into your personal data. If an app you use has poor code, then unfortunately you could end up being part of a large scale attack. There has been many popular apps that have been exploited and their users suffered the consequences.
- Improper Session Handling – This is where the tokens produced by apps or websites to authenticate a user, instead of having to enter a username and password every time, is effectively left as an open “session” and be exploited by a hacker. For example, if you logged into a company intranet site from your tablet and neglected to log out when you finished the task, by remaining open, a cybercriminal would be free to explore the website and other connected parts of your employer’s network.
So what can you do to protect your personal and corporate data you ask?:
Well thankfully there are companies out there who are working tirelessly to provide “Mobile Endpoint Protection”. Usually these are apps which are simple and easy to download and are connected to a highly secure global network of threat detection libraries.
These Apps are able to detect when something potentially malicious is happening on your mobile device. It may alert you that something is happening, or it may immediately disconnect you from that free Wi-Fi hotspot!
A vendor like Wandera – Mobile Endpoint Protection is a great place to start. Wandera can protect against all cyber threats, from device vulnerabilities to phishing to malicious or risky apps, with multi-level cloud and endpoint security. Manage risks with MI:RIAM, their advanced threat intelligence engine. For just a few dollars per device per month, it should be a no brainer. The average cybersecurity breach in the corporate world costs in the hundreds of thousands of dollars, so a few dollars a month to be protected is definitely something everyone should invest in.
If you’re keen to know more about your options for Mobile Device Management and Endpoint Protection, please reach out to us. We’re very passionate about Cybersecurity and would love to help.