Mobile phones have gained mainstream popularity since hitting the market in the 1990s. The mobile phone industry has been steadily growing in market size, usage, models, and vendors, with smartphone shipments amounting to around 1.37 billion units in 2019. The worldwide smartphone penetration rate exceeded 46% in 2020, translating to 3.6 billion users worldwide. Global shipments are projected to add up to 1.48 billion units in 2023.
Instead of fighting the compelling presence and prevalence of mobile devices, organizations have gritted their teeth and embraced the technology, harnessing its numerous applications in business. Apart from using laptops and desktops to get work done, companies today rely heavily on mobile devices in the workplace. There is little separation between work and personal lives when smartphones come into the mix. Employees use the devices for various tasks like contacting clients and vendors, scheduling meetings, composing emails, making financial transactions, viewing documents, and installing personal digital assistant applications.
Meanwhile, businesses are placing more emphasis on protecting their assets in the face of frequent and sophisticated threats from cybercriminals, and hackers have turned their attention away from legacy network components. They are now spreading infected applications and malware targeted at mobile devices in order to infiltrate corporate networks.
How then can organizations and users avoid overstepping boundaries and ensure information and systems remain secure while increasingly embracing mobile phones in work-related functions?
Mobile Phones - A Hacker's Haven
It only takes one device for a hacker to gain unauthorized access to a company’s network, systems, or information. Businesses must realize that mobile security could be their weakest link, and that an attacker only needs to break into one unprotected smartphone to infiltrate a corporate network.
At the same time, far too many mobile phones are unprotected against hacker tactics. Only 14% of small and medium enterprises rate their ability to mitigate cyber risks and attacks as highly effective. Most businesses think cybercriminals will not waste their time and resources attacking smaller companies, and so fail to maintain robust security measures. They are not applying the mobile security patches and upgrades necessary to mitigate cyber threats, and the high-level security measures used for workstations and servers are not in place for smartphones.
Besides that, the ongoing COVID-19 pandemic has led to mobile usage surpassing desktop usage, resulting in a sixfold increase in phishing attacks. Criminals treat phones as a prime target for phishing attacks, which account for approximately 90% of all breaches. They distribute official-looking phishing emails to trick victims into revealing crucial information. They know that most people read emails, open attachments, and click links using mobile devices while working from home. Other than that, smartphone users tend to check their email while in a rush, without giving their actions full attention.
What’s worse, hackers know that people can hardly see the entire URL of a phishing link in the address bar on a small mobile screen, and that they habitually fail to spot the signs that would alert them to an imminent attack. A recent post on the BlackBerry site states that users are more likely to fall prey to phishing attacks while working on their mobile devices than when using larger-screened laptops or desktops.
“It’s difficult to spot red flags that we normally detect on a laptop or PC on such a small mobile screen,” says Hank Schless, a security expert. “So we can’t preview links, see full URLs in mobile browsers, and quickly tap anything that comes our way, malicious actors are investing their time and energy into making these campaigns undetectable to the untrained eye.”
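As an added illustration (not code from the original article, BlackBerry, or the quoted expert), the JavaScript below simulates a narrow address bar and applies the checks a link-screening tool or awareness exercise could run on a link before a user taps it. The 24-character bar width, the trusted-domain list, the reserved `.test` sample hosts, and the last-two-labels approximation of the registrable domain are all assumptions.

```javascript
// Added example: what a narrow address bar shows versus who really owns the host.
// Assumptions: the bar shows the first BAR_WIDTH characters of the hostname, and the
// registrable domain is approximated by the last two labels (production code should
// use the Public Suffix List instead).
const BAR_WIDTH = 24;

function registrableDomain(hostname) {
  return hostname.toLowerCase().split(".").filter(Boolean).slice(-2).join(".");
}

function inspectLink(rawUrl, trustedDomains, width = BAR_WIDTH) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (err) {
    return { visible: "", realDomain: null, flags: ["unparseable"] };
  }
  const host = url.hostname.toLowerCase();
  const realDomain = registrableDomain(host);
  const flags = [];

  // Plain HTTP gives no transport protection for anything the user types.
  if (url.protocol !== "https:") flags.push("not-https");

  // A trusted name that appears only as leading labels of some other domain.
  const trusted = trustedDomains.includes(realDomain);
  if (!trusted && trustedDomains.some((d) => ("." + host).includes("." + d + "."))) {
    flags.push("trusted-name-in-subdomain");
  }
  // The owner-identifying part sits at the end of the host; a long host pushes it off screen.
  if (host.length > width) flags.push("real-domain-hidden");

  return { visible: host.slice(0, width), realDomain, flags };
}

// Constructed sample links using reserved example/test names.
const SAMPLES = [
  "https://login.example.com/session",
  "https://login.example.com.account-verify.test/session",
  "http://example.com/",
];
for (const link of SAMPLES) {
  console.log(link, inspectLink(link, ["example.com"]));
}
```

For the second sample the simulated bar shows only `login.example.com.accoun`, while the host actually belongs to `account-verify.test`; that gap is what the flags surface.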
What Hackers Look for in Phones
Hackers deploy various tactics, such as malicious apps, vulnerable websites, mobile ransomware, phishing, spyware, man-in-the-middle attacks, physical theft, rooting tactics, advanced jailbreaking, operating system exploits, and spoofing, to infiltrate mobile devices.
Some of the things hackers target in phones include:
User Credentials and Passwords
Prominent among the reasons hackers target phones is to steal user credentials and passwords. Undoubtedly, many people reuse passwords across multiple devices and applications. If an intruder steals mobile phone credentials, it becomes a five-finger exercise to escalate their actions to the victim’s laptop and then the corporate network.
Confidential Company Data
Hackers target mobile devices to steal confidential company data, employee information, and customer details, such as names, addresses, social security numbers, and credit card information. Mobile email apps grant access to critical corporate information.
Intruders can hack your device and turn on the microphone and camera to gather information. What if this incident happens on a CEO’s smartphone during a meeting to negotiate a crucial deal or a CISO’s device during a security status briefing? Almost every C-level executive relies heavily on mobile devices for work, and hackers capitalize on this fact to steal their sensitive information, such as contacts, calendar activities, and credentials.
A threat actor can use a compromised mobile device to commit further fraud. For instance, they can send luring texts and emails posing as the legitimate owner to steal more information or gain access to systems.
While convenient, mobile devices are an easy way for attackers to spread ransomware and malware. Users download malicious apps from illegitimate sources or even from official app stores. Other times, app developers deploy pirated tools and programming kits containing malicious code that steals sensitive data. It is also common for users to delay updating their mobile device software, leaving the devices vulnerable.
Secure Your Phone From Hackers
Fortunately, there are several defense strategies that you can employ to secure your phone and company systems.
Do not trust emails by default. Verify senders to ensure they are who they actually claim to be. Users should never share user credentials or sensitive information requested via inbound texts or emails. You can contact a sender directly before replying to suspicious emails. Always browse SSL-secured websites to ensure your information, like credit card data, is safe from attackers.
Install Mobile Security Solutions
No matter how well trained your employees are, even the most vigilant user makes mistakes such as clicking malicious links. Fortunately, several mobile security tools prevent phishing and other attacks. For instance, smartphone anti-malware software can block prevalent and emerging malicious programs. A good example is Google Play Protect, Android’s native security system, which scans phones to detect misbehaving apps and alerts users if anything suspicious comes up.
Update the Device OS
It is essential to stay updated with OS and security patches to protect smartphones from newly discovered vulnerabilities. You can check the OS version by going to Settings, then About phone, then System updates.
Automated Monitoring and Remediation
Businesses can deploy technologies like artificial intelligence to proactively search mobile devices and tablets to identify and remediate security issues. An automated monitoring and remediation approach accurately prevents widespread and advanced persistent threats and malware from running on user endpoints.
Mobile Phone Usage Policy
Organizations should include mobile usage in enterprise-wide security policies. A mobile device security policy should address acceptable use, mandatory security settings, anti-theft controls, OS requirements, and user responsibilities.
Businesses should also develop a password policy guiding users on setting strong credentials on apps, making it difficult for hackers to brute force their passwords. In addition to setting complex passwords, you should set a unique password for each app. That way, a hacker will not have access to other services if they compromise one app.
Mobile App Permissions
Despite the panic-inducing headlines out there, vendors pack smartphones with robust and reliable security features that can offer advanced security when activated. For instance, you can restrict your apps from accessing personal data or other parts of the phone unless you explicitly permit them to do so.
All the same, you should avoid rooting or jailbreaking your phone since it puts you at a high risk of attacks. In most cases, apps that require you to root your device have not been vetted and can easily hack your phone.
Connect to Secure Wi-Fi
Make sure you connect to a VPN to stay safe while using public Wi-Fi. Even though auto-connecting to wireless networks saves time, it can be a security risk. Ensure you disable the auto-connect feature on the mobile’s Wi-Fi access to avoid connecting to vulnerable public access points.
Working with a Security Expert
Companies are now dealing with an increasing number of employees working from unconventional office locations and connecting mobile devices to the network. Do you know who is connecting to your wireless networks with their mobile devices?
Pulsar Security, an elite team of security pros and software engineers building products designed to analyze and secure enterprise environments, provides SONAR, a Wi-Fi Security As A Service offering that delivers continuous 24/7/365 monitoring for an aggregated, unified view of your company’s wireless networks. The solution detects malicious threats and creates alerts for remediation. What’s more, Pulsar Security experts offer personalized recommendations and guides via technical phone and email support, among other consultative services.
With Sonar, you can detect mobile devices within a range of wireless networks and track the type of device and its MAC address to provide a device fingerprint for collating the phone to an IP address. Another compelling feature of Sonar’s solution is the ability to identify vulnerabilities on mobile devices’ firmware that could compromise the entire wireless network.
Undoubtedly, the number of attacks targeting phone users will continue to rise as businesses increasingly embrace mobile technology to conduct operations. Users should implement various security controls to defend their devices and organizations from the growing and complicated mobile phone security threats.