Because smartphones and tablets are now ubiquitous, many companies have adopted “bring your own device” (BYOD) and “corporately owned, personally enabled” (COPE) policies to deal with their use in the workplace. Even with robust BYOD and COPE safeguards in place, though, devices with sensitive internal information are still vulnerable to attack.
According to Gartner, more than 75% of mobile apps will fail basic security tests through 2015. Hackers get access through these apps by finding misconfigurations, which can be difficult to detect. Once they are in, the bad guys can access other devices in the network through a Wi-Fi connection.
Another threat source is phishing attacks, in which the cyber criminal sends an infected email or a text message to a smartphone or tablet. The message appears as if it is from a credible source, but when an employee opens it, the device becomes infected. When the user connects the device to a company computer, the virus is transferred and the hacker can enter the larger network.
There are ways to reduce risks posed by smartphones and tablets. One of the simplest is to prohibit employees from “rooting” or “jailbreaking” their devices, which will limit the downloading of insecure, unverified third-party apps.
Creating passcodes on the mobile device can help protect the company’s information and is a security no-brainer. Encrypting data is also recommended, which would make it very difficult to access information stored on the device were it lost or stolen.
Additionally, there are several applications, such as FireEye and Zimperium, that help detect mobile threats and create a defense system against them by constantly monitoring application data being transferred. Such apps can alert IT administrators to possible breach activity, which is useful in quickly shutting down a compromised device and thus minimizing damage.
Mobile devices certainly increase employee productivity and are here to stay, but businesses large and small need to be aware of the risks they bring. All the security measures in the world will never completely secure any device. It is good to use cyber liability insurance to transfer the risk that you cannot mitigate.