What’s one of the first things you do when you wake up? A high percentage of individuals will answer “check my phone, “or “check my email,” which is inevitably linked to their mobile device anyway. We get it – it’s easy, and it’s way more convenient than getting up and opening your laptop to sign in. We’ve become a society that’s heavily reliant on our mobile devices, and as of recently, we’ve become even more so reliable on mobile capabilities. With the increased remote work environment that began in March due to COVID-19, mobile communications have become more robust than ever. Mobile apps, VPNs, hot spots, and other outlets are making it much easier for mobile access on-the-go. However, with anything good comes some bad, and while mobile access is extremely convenient, you still need to be extra cautious of your cybersecurity posture when operating any mobile device.  

Because of the overall increase of security threats due to COVID, mobile threats are on the rise as well, and we’re here to guide you through the potential risks and how to prevent them from happening to you. Mobile devices have slowly replaced the personal computer or laptop – after all, they are miniature computers, and they should be treated and protected as such. We fail to remember that we’re carrying around small computers that have the same security vulnerabilities as a PC or laptop and face just as many threats, if not more!  

But, of course, we’re still human, and we all make mistakes. According to the Verizon Wireless Security Index 2020 report, 43 percent of companies surveyed admitted that they sacrificed security for expediency, convenience or profitability targets, or lack of budget and expertise. As companies and organizations, there’s still a major disconnect between the leaders and team members and the importance of security goals – especially with mobile. The laxer they are with their security goals, the more opportunities there are for a security breach – and that can be very difficult to come back from as we’ve seen happen many times in our industry.  

Common mobile threats today are occurring through the following:  

• Data leakage  

• Insecure Wi-Fi  

• Spyware  

• Phishing and social engineering attacks  

• Network spoofing  

• Poor cyber hygiene – weak passwords, improper or absent usage of multifactor authentication (MFA)  

• Poor technical controls such as improper session handling, out-of-date devices, and operating systems, and cryptographic controls  

Overall, these issues are fixable, but organizations/individuals continue to be the target primarily because security is put on the backburner and treated as a cumbersome task. Most don’t want to take the time to appropriately respond to a threat, but rather to a text, email, or business proposition first. Let’s face it, mobile devices were designed for convenience and productivity on-the-go, and as a culture, we’ve been conditioned to treat our mobile devices with little to no care in terms of security. How we prevent mobile security threats has little to do with technical solutions and a lot to do with supply and demand and where we assign proper value – meaning, mobile devices don’t rank high on our security radar.   

To properly evaluate your mobile security posture, you must first identify the commodities of mobile capabilities which include convenience, productivity, network performance, security, privacy, cost and maintenance, data accessibility, and cross-functional collaboration between business sectors. Identifying these commodities will help businesses put a value to each and to address them one by one while ranking their importance to the specific organization. Each company’s security posture will vary in what they put a higher focus on. Once these commodities have been addressed and evaluated, this will allow for identification for gaps in vulnerability and risks and how to address/monitor them.  

After successfully addressing your risk factors, the next step is to carefully deploy your methods of strengthening your security posture which might include:  

• Whitelisting vs blacklisting of specific applications  

• BYOD – bring your own device usage vs. separation of all work and personal usage  

• Network restrictions and related costs – this helps to prevent employees using an unsecured Wi-Fi network  

• Mandatory VPN usage  

• MDM – mobile device management platform configuration – this means limiting and/or completely restricting the use of some or all mobile apps and capabilities  

There are many other factors in tightening up your mobile security posture, but these are the most vital and will at least provide a significant jumpstart in the right direction. Businesses need to be aware of any usage via computer, laptops, and mobile devices and treat them equally when evaluating their cybersecurity posture as a whole. If you have any questions or concerns, please contact us at TechGuard – we offer mobile application assessments and one of our cyber experts will be more than happy to help!