Mobile Device Security Risks for Corporations

View all blog posts under Articles | View all blog posts under MSCS

A group of people using mobile devices.

The concurrent rise of big data, the Internet of Things (IoT) and mobile device usage has fundamentally changed business strategies in numerous ways, from marketing strategies and work environments to how we communicate. This shifting landscape has also provided new avenues for cyber criminals to exploit vulnerabilities and access sensitive confidential data. To counteract these various types of cyber security threats, cyber security professionals have ramped up their efforts to stay one step ahead of cyber criminals.

Mobile devices attached to the IoT are of particular concern, partially due to the sheer volume of devices in the market. A 2020 report by Juniper Research noted the total number of IoT connections will increase from 35 billion to 83 billion from 2020 and 2024 — an increase of 130%. This provides fertile ground for cyber crime. There were more than 1.5 billion IoT attacks in the first half of 2021, double the number detected in the second half of 2020, according to a report by cyber security company Kaspersky that was shared with Threatpost.

With so many vulnerable IoT devices in use, cyber security has to make a top priority of these mobile device security risks. Best practices must be presented to and continually reinforced among corporate staff and vendors, especially those who are naïve about the security aspects of modern technology. Graduates of cyber security master’s programs will be well armed for the task of corporate security in the age of data.

Mobile Device Security Threats

Hackers are discovering they can’t go about infiltrating secure servers the way they used to, thanks to increases and improvements in corporate cyber security. So they are turning to the adage, “If you can’t get in the front door, try the back door.”

Smartphones, smartwatches, routers, Wi-Fi-connected video cameras, inventory control devices, smart locks, thermostats and other devices connect wirelessly to secure servers and are unfortunately not considered to be vulnerable by users and organizations. However, they offer several potential vulnerabilities that can be taken advantage of by hackers if left unaddressed. These vulnerabilities include but are not limited to the following.

Data Leakage

Sensitive data can be leaked through malware programs installed on mobile and IoT devices. Sometimes data can even be leaked via innocuous smartphone apps installed by users who grant app permissions without thinking twice about it. Those apps can then access secure servers undetected.

Unsecured Wi-Fi

Mobile hotspots can prevent people from using up bandwidth on their personal data plans. Unfortunately, tapping into these free Wi-Fi networks carries serious risk, as they are often unsecured. Using them could leave a device open to hackers.

Wi-Fi Interference

As distributed teams become a larger part of the workforce, businesspeople use coffee shops and other public places as their offices. Hackers can use man-in-the-middle attacks to intercept sensitive data, employing tactics like network spoofing that convince coffee shop patrons, for instance, that they are connected to a wireless access point when, in fact, they are connected to the hacker’s computer instead.

Social Engineering

Phishing is a popular form of social engineering used to trick business employees or executives into divulging information that can then be used to access secured databases and servers. Phishing activities range from sending an email posing as a system administrator requesting credentials to in-person confidence scams.

Spyware

Unlike malware, which can take over a system or network, spyware stealthily enters a computer, gathers data and sends the collected information to a third party. This process is done without user consent, and can occur without the user realizing.

Poor Cyber Hygiene

Most people are beginning to learn that simple passwords are no longer practical where secure login credentials are concerned. Passwords like “123456” or “Name96” are easy to crack and therefore put sensitive information at risk. Hackers even have programs that can devise all possible passwords from personal information such as names, important dates, pet’s names, birth names, places of birth and other easily retrievable data.

Improper Session Handling

Many apps use a token system that allows individuals to perform numerous functions without needing to re-confirm their identity. This can lead to users leaving an app “open” by logging into it and closing it without logging out. Hackers can take advantage of this loophole by hacking into the still-open session and penetrating the app, website or data associated with the session.

Building Effective Corporate Security Strategies

The best way to maintain mobile security in the workplace is to encourage employees to keep sensitive and confidential data safe from hackers. In the case of corporate data security, an educated workforce is an effective deterrent to hackers. Password creation protocol, for example, can be easily conveyed to all of a company’s employees, regardless of their technical expertise.

Businesses have several means at their disposal to make the malevolent penetration of secure servers more difficult. For instance, it’s critical to keep mobile systems as current as possible. The longer a device stays active on the market, the more time hackers have to understand its vulnerabilities. Consistently upgrading systems organically resets this learning curve.

Businesses can also deploy mobile device management (MDM) software on their mobile devices. This software allows a company’s IT and cyber security teams to control and enforce specific security policies on mobile devices attached to the company’s network. This can enhance the protection of sensitive data when employees use their own devices to execute work functions.

Additionally, it’s vital for companies to enforce enhanced security options on all mobile devices. While employees should use strong passwords on their devices, some may unfortunately use weak ones that are easily exploitable. Simple enhanced options like two-factor authentication or biometrics can act as a safety net that can thwart hackers who slip past a password.

To build sustained protection, it’s crucial for businesses to be proactive in their mobile security process. Rather than waiting for a threat to arise, cyber security pros should schedule routine uniform device updates, keep abreast of trending cyber crime tactics and review existing security policies to ensure proper preparation against new and emerging threats. These tactics can help prevent a cyber crime before it’s set in motion.

Become a Mobile Device Security Expert

As the IoT continues to expand, the threat of cyber crime will continue to grow in its prevalence and complexity. For individuals in various careers in cyber security, this poses an ever-changing landscape of challenges. Mitigating mobile device security risks is crucial to corporate data security.

The University of North Dakota’s online Master of Science in Cyber Security program and its certificates can help students develop into leaders. Our program is designed to cultivate your passion for network and system security, helping you acquire the tools to identify, minimize and thwart cyber crime.

Learn how UND can help you embark on a rewarding career in cyber security

Recommended Readings:

5 Powerful Cryptography Tools for Cyber Security Professionals

What Is Vulnerability Analysis? Exploring an Important Cyber Security Concept

Work-From-Home Cyber Security Jobs

Sources:

Forbes, “The Cloud Is the Backbone of Remote Work”

Insights, “10 Mobile Security Best Practices to Keep Your Business Safe”

Investopedia, “Big Data”

Juniper Research, “IoT Connections to Reach 83 Billion by 2024, Driven by Maturing Industrial Use Cases”

Kaspersky, “Top 7 Mobile Security Threats”

Security Intelligence, “The Latest Mobile Security Threats and How to Prevent Them”

Threatpost, “IoT Attacks Skyrocket Doubling in 6 Months”