September 07, 2017

Is Your Mobile Device Hackable? Let Me Count the Ways

A report by the International Data Corporation (IDC) forecasts that by 2020, at least 70% of the U.S. workforce will be mobile.

That’s over 105 million workers using smart phones, laptops, and USBs to do their jobs – and it represents a huge potential for data breaches too.

While companies are used to putting safeguards in place in a physical workspace, it’s not as simple when devices and employees are off site.

Here are 7 ways a mobile device is most at risk of being hacked today.

  1. Theft or loss

Mobile devices are easy to carry around... but also easy to steal or forget in airports, restaurants, and cabs. Solutions: Emphasize secure work habits in on-going training so that mobile devices are never left unattended or even in full sight in a locked car. According to the 2017 Security Tracker by Shred-it, encryption, strong passwords, and multi-factor authentication will help. Also, consider remote control software that can disable a lost or stolen phone.

  1. Unpatched device

The iPass Mobile Security Report 2017 identified unpatched operating systems as a significant threat. Solutions: Implement a comprehensive Mobile Device Policy, and keep operating systems and other programs updated. Security upgrades address known vulnerabilities.

  1. Tricky social engineering

Mobile security threats are often socially engineered. Cyber criminals try to trick victims on email scams or social networking sites into clicking on malicious links with infected malware. Solutions: Security awareness and training is critical so that everyone can recognize threats and avoid them. 

  1. Downloading infected apps

Apps are popular to help with business tasks and for personal use. But apps in general do not have enough security. Gartner reported that nearly 75% of security breaches are due to misconfigured apps. Solutions: Alert everyone to this issue. In the workplace, consider vetting apps and issuing a list of approved apps.    

  1. Public Wi-Fi

Working in public spaces like coffee shops is risky especially if you use the free Wi-Fi. Hackers set up rogue Wi-Fi networks to trap people logging onto them to intercept data transmission.  Solutions: Never transmit sensitive information over public Wi-Fi. Provide staff with mobile packages that include data (so they don't have to use the WiFi), or a Virtual Private Network (VPN) that allows routing online activity through a secure, private network.  

  1. C-level executive

The iPass research showed that C-level executives are at the greatest risk of being hacked outside the office. Experts say they are not the typical 9-5 office worker, and often have unrestricted access to sensitive company data.  Solutions: Educate executives about threats, and limit mobile access to corporate data by C-level executives.

  1. Insiders

Malicious insiders use mobile devices to download sensitive information or use email to transmit data to external accounts. Solutions: Implement a Clean Desk Policy so confidential information is always protected. Avoid stockpiling old mobile devices. The 2017 State of the Industry Report North America showed that, in Canada for example, 44% of large businesses and 46% of small businesses do not have a strictly adhered to policy for disposing of confidential data found on electronic devices. Destroy all unused hard drives using a third-party provider who has a secure chain of custody and confirms destruction.

Start Protecting Your Business 

To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and security risk assessment.