If your colleagues are working from the road, follow these five steps to strengthen your mobile cybersecurity initiatives.
By George Tubin, Director of Product Strategy, Cynet
The U.S. travel market is booming. According to the U.S. Travel Association, air travel demand was up 12% in June compared to the same time last year. AAA reported this year’s Fourth of July weekend may have set new records, with 2.1 million more travelers compared to last year’s holiday. Paula Twidale, a senior vice president at AAA, said her organization had never projected travel numbers as high as they predicted for July 4, 2023.
Unfortunately, leisure travel and vacations often pose a serious problem for businesses of all sizes. With 91% of organizations saying mobile devices are critical to their operations, according to a 2022 Verizon report, most work-related emails now are opened on a mobile device.
These stats underscore the increasing need for organizations to prioritize mobile security measures. Employees across organizations, from the most junior-level staff to the C-suite, are conducting business via their mobile devices, checking work emails while sharing an Uber ride, charging company devices at public charging stations in airport terminals or hotel lobbies, or logging into work apps via unsecured Wi-Fi networks that often lack adequate protections.
Why Cybercriminals Target Mobile Devices
In light of these travel trends and employee behaviors, it’s no surprise that 30% of zero-day exploits in 2021 targeted mobile phones and tablets—and that nearly half (46%) of small businesses reported a cybersecurity compromise involving a mobile device, according to Verizon’s research.
Why do cyberattackers love mobile devices so much? To start, they provide much of the same access as traditional endpoints and often serve as an authentication tool, allowing cybercriminals to more easily infiltrate an entire network through an unsecured smartphone or tablet.
And it’s not just travelers putting their business organizations at risk. The cloud data and applications that cybersecurity platforms protect are also left vulnerable if remote workers log into the same systems from an unsecured Wi-Fi connection.
Because hackers realize mobile devices are less likely to be protected, they have shifted their focus to smartphones and tablets as a preferred entry point when orchestrating an attack. Cybercriminals view mobile device vulnerabilities as the low-hanging fruit of cybercrime. Email phishing scams that play out over someone’s smartphone, zero-day mobile exploits, and other malicious mobile applications are all becoming more sophisticated. And while traditional mobile device management (MDM) solutions offer protection for managed devices, most fail to detect threats across all endpoints, mobile devices, networks, and cloud environments.
As cybercriminals get more savvy and develop new tools to compromise mobile devices and networks, security leaders must take extra steps and implement additional layers of protection to safeguard their systems.
5 Steps Security Leaders Can Take Now to Protect Mobile Devices
- Keep mobile devices secure: Regularly update company devices with the latest software patches and security updates. Implement a focused mobile device security app across all employee and contractor devices to protect against mobile device, network, phishing and app attacks before damage can be done. IT and security teams should continuously monitor their organization’s mobile devices to ensure the most current applications and security measures are deployed.
- Prioritize cybersecurity training to boost employee awareness: For smaller businesses that have employees who are more likely to use personal devices for work, it can be difficult to maintain visibility into their mobile usage habits or safeguard endpoints from attacks. That is why employee education on the latest mobile cybersecurity threats are so important. All employees should be instructed on best practices, such as using strong passwords, employing two-factor authentication, and being on alert to report any suspicious emails, texts or other suspect activity so that it doesn’t spiral into a full-on cyberattack.
- Make career training a top priority for you and your team: Educating employees outside of the IT and security department is important, but it’s just as important that security professionals stay up to date on the latest cybersecurity threats and attacks, especially when it comes to mobile security. Cybercriminals are rapidly advancing their capabilities and sharing what they know with fellow hackers in underground forums. It’s insufficient to simply monitor your business’ network and systems, even with advanced security technology. Expert cybersecurity professionals and CISOs must also keep abreast of emerging threats, follow recommended mitigations from industry analysts and national agencies, and even monitor the dark web to preempt cyberattackers’ ever-evolving exploitation efforts.
- Monitor network traffic: At large enterprises, most security teams already monitor their organization’s network traffic. But small- and mid-size businesses may lack the personnel to actively analyze all network activity. That’s why it’s vital to automate detection and response efforts with a security solution that includes mobile protection capabilities. An automated detection and response system that can integrate into your existing cybersecurity tools enables you to have complete visibility and monitor any threat alerts in real-time.
- Develop and practice a solid Incident Response Plan: Your company’s Incident Response Plan is among any security team’s most important pieces of documentation. It should serve as a playbook for any cybersecurity threat or attack, defining in detail the actions everyone on your team — as well as the business at large — should take if the corporate network is breached. If employees are conducting business on mobile devices, the plan should outline response protocol for mobile-specific attacks. An Incident Response Plan not only ensures you and your team are prepared, it provides a roadmap to investigate how the attack happened, contain and remediate the threat, and avoid future attacks. It’s important to review and rehearse your Incident Response Strategy on a quarterly, or even monthly, basis, so that, should you have to use it, the information is updated and aligns with your most recent security policies and protocols. You can also take advantage of battle-tested templates to customize an effective template for your organization’s unique needs.
The future of cybersecurity is centered on a business’ ability to protect mobile devices.
Last year, McKinsey reported a 15% increase in cybercrime costs, with 85% of small and midsize enterprises looking to increase security spending in 2023. The research firm listed the increase in “on-demand access to ubiquitous data and information platforms” as the top cybersecurity trend with large-scale implications.
“Mobile platforms, remote work, and other shifts increasingly hinge on high-speed access to ubiquitous and large data sets, exacerbating the likelihood of a breach,” according to the report, “Companies are not only gathering more data but also centralizing them, storing them on the cloud, and granting access to an array of people and organizations, including third parties such as suppliers.”
Mobile cybersecurity is more crucial now than ever before. To empower employee productivity while staying one step ahead of cybercriminals, businesses need security solutions that enable complete visibility and protection across all endpoints, mobile devices, networks, and cloud environments. By adding an extra-layer of protection to your cybersecurity stack, you gain peace of mind knowing your workforce’s mobile devices are protected — in the office, the beach, or wherever your employees may roam.
About the Author
George Tubin is Director of Product Strategy at Cynet and a recognized expert in cybercrime prevention and digital banking and payments security. He was previously Vice President of Marketing at Socure and Senior Research Director with the leading financial services research firm TowerGroup (acquired by Gartner, Inc.) where he delivered thought leadership and insights to leading financial services institutions, technology providers, and consultancies on business strategies, technologies, cybersecurity and Identity and fraud management.