[BreachExchange] Are your company mobile phones a data breach waiting to happen?

[Destry Winant]

https://www.thelondoneconomic.com/lifestyle/consumer/are-your-company-mobile-phones-a-data-breach-waiting-to-happen/05/02/

Whether as a perk or a way to accommodate employee desires to work
remotely,company-issued mobile phones and laptops are becoming
increasingly commonplace.These are often provided at considerable cost
to a business—£270 per employee per month, according to one study—yet
only 11% of businesses take more than one basic measure to protect
their mobile networks.

A recent study has shown that corporate data breaches, made all the
more easy by the widespread use of company mobile phones, cost
businesses nearly £6.1 million last year in total, a figure which has
risen year on year. With 1.7 million incidents of cyber crime recorded
by the ONS in the twelve months between April 2017 and March 2018
alone, the problem doesn’t look set to go away any time soon.

How to improve corporate mobile security against any threat

First and foremost, company-owned devices should be protected with
cyber security software as a first line of defence. Mobile security
specialists Wander a note that the best solutions takes three steps to
protect devices: detecting, preventing and then containing any cyber
threats. Making use of these programs can catch any threats before or
as they happen, saving a business’s devices—and as a result vital
internal networks—from external corruption, viruses and malware.

Beyond technical measures, businesses can themselves formalise a
company-wide mobile threat defence policy. Many businesses have
started investing in training courses to help staff recognise
suspicious looking emails—though as one recent episode of the Reply
All podcast made clear, that may not be as easy as it sounds.
Similarly, making sure that staff register all devices with management
for insurance purposes, as well as protecting devices with at least
one unique password (which is regularly changed) will go a long way to
keeping business-owned tech safe.

Three major mobile security risks to a business’s confidential data

Phishing scams

Phishing is a way of illicitly obtaining private information through
carefully-designed messages which look legitimate—as noted above,
suspect emails are all too easy to miss. After clicking a link in an
email and entering their details as requested, a user has effectively
surrendered their personal information to an unknown hacker.

When it comes to company data, the consequences can be even more
severe. A recent Mashable report noted that phishing scams are on the
rise, and as technology evolves, so too do these attacks. New variants
including smishing—text message based phishing—which is using the
increased technological capabilities of mobile devices to catch users
off guard.

Syncing company data to personal devices

One of the main reasons cited for corporate-issued mobile phones is to
prevent company data from finding its way to staff-owned devices,
which are just as susceptible to external attacks. However, while some
businesses operate a bring your own device, or BYOD, policy, the
reverse—letting staff use their company devices for personal
matters—poses an equal risk. For one thing, all data accessed on a
company-owned smartphone becomes the property of the company,
including any malware,viruses or hacks suffered. Consequently, while
there is some controversy over the privacy rights employees have, it
should discourage them from conducting any non-work business on
company phones.

Poor quality VPN proxies

Computer Weekly recently noted that remotely accessing a company
network through a virtual private network(VPN) is becoming a much more
frequent way for staff members to interact when they aren’t all based
in the same office. VPNs are often touted for their flexibility and
convenience,offering a secure network which allows participants to
sign into an encrypted connection, no matter where they are located.
However, anyone using them on public connections can leave the entire
network vulnerable and exposed to outside interference if they aren’t
careful. Wired have more information on choosing the most appropriate
VPN for your business’s needs.