Today’s enterprise has plenty to worry about. Increased legislation, a more complex world economy, and cyber security rank high on the list. To complicate matters further, many businesses are struggling to comprehend exactly what threats mobile devices bring to the table. Whether the business engages in a company-owned mobile device program or BYOD, the threats are numerous and ever-changing. What mobile threats should your company be concerned about?
Failing to Implement and Enforce a Mobile Policy
Does your mobile policy clearly address issues like data ownership, approved app installations, and a sound exit policy? If it does, are the policies enforced consistently among all departments and ranks? A good mobile policy is approved and regularly reviewed by the IT department, legal, and other stakeholders. Without it, the company has no control over the data on those devices or the access those devices have to the IT network.
Man in the Middle Attacks
A man in the middle attack, the more common threat within a group of threats known as connection hijacking, is all too easy to allow to happen. It usually occurs when a mobile user accesses the corporate system via a public or unsecure Wi-Fi connection. The attacker essentially piggybacks on the connection to gain access to the system. Hence, the man in the middle.
Authentication attacks are attacks on mobile devices that are orchestrated to hack into business networks by gaining access to the authentication codes and credentials on a user’s device. These attacks are sometimes launched to gain access to personal information on a mobile device, but they often target the ‘bigger fish’ — the system the device is set up to access legitimately.
Mobile Payment Apps and Features
Mobile payments got their start with PayPal and have grown into serious business. Facebook now offers mobile payments directly through their Messenger app, and in addition to numerous banking apps, users can make transactions via Google Wallet, Apple’s Passbook, Lemon Wallet, Square Wallet, and a host of others. These are dangerous both for the business and for the individual user.
Failing to Update Android Operating Systems
Many users do not get any updates for their Android devices between major update releases. Since mobile malware is released constantly, many new threats are introduced to the mobile environment between these major releases. That means that a substantial portion of mobile devices are unprotected against current threats at any given time.
Insider threats are often thought to be only malicious in nature, but the majority of threats that are successful happen due to negligent or ignorant users, not malicious ones. Employees who lose their devices and don’t report it to IT or who download dangerous apps or visit unsafe websites have no malice at all, but still pose a tremendous threat to the organizations IT environment.
Is your organization taking steps to protect against these and other common threats that come with mobile access? Learn how now when you watch our webinar: How to Predict, Detect and Protect Against Mobile Cyber Attacks.