Studies show that people either don’t understand the cyber security risks associated with their mobile devices risks, or they are simply employing the age-old adage of “It won’t happen to me.” With the Australian government warning of cybercrime increasing at a frightening pace, costing us an estimated $1 billion a year, it’s time to time to treat our connected devices with the same duty of care that we afford our wallets
The first step in making this change is to improve our understanding of the risks associated with the small device in our pockets:
1. Your lost phone is a hacker’s treasure
Lost phones are the number one cause of data breaches. Our photos, emails, text messages and apps can be an open door for thieves into our personal information, privacy and financial accounts.
2. Spoofed hotspots
Spoofed hotspots are Wi-Fi access points created by hackers. The hotspot imitates a legitimate Wi-Fi access point provided by a nearby business, such as a coffee shop that offers free Wi-Fi access to customers. By logging into the Wi-Fi, an unwitting user accidentally gives the hacker access to their laptops. The hacker can then steal login credentials and redirect the victim to malicious websites.
3. The inside job
Businesses are also vulnerable to the insider threat. That is, a data breach caused by an employee – be it intentionally or unintentionally. Despite the modern hacker’s sophistication, insiders have an unwavering upper hand over any external actor. That’s because insiders like you and I already have access to internal files from our devices that then travel, in our pockets, outside of the business with us.
Either through a careless mistake or purposeful action, an employee can create a catastrophe for their business if company information on our personal devices gets into the wrong hands.
4. Missed updates
We’ve all been guilty of it. You’re rushing to hit a deadline, and you ignore that small notification that pops up in the corner your screen or notification pane on your phone, reminding you to install a new software update. You would never think that missing an update could leave your company or personal details vulnerable to cyber attacks. However, as last year’s global ransomware attack – which affected multiple Australian businesses – shows, the failure to keep software up to date can do just that.
5. Fake apps
Fake applications are on the rise. These imposter apps can trick you into revealing sensitive data or login details. Some can also install malicious software on your device that gives the hackers control over other functionality, or allows them to monitor your activity in the background, potentially watching which websites you visit or what you type.
The best way to avoid these threats is with vigilance and care. Some of the simplest security measures can make a huge difference. Always having password protection and deploying multi-factor authentication are a simple but very effective first line of defence.
If you often work remotely, it might also be worth talking to your IT team about the mobile security tools it has in place. There are agentless solutions out there that can keep sensitive data on a phone, laptop, or tablet completely secure, without requiring you to install software onto your device. Additionally, if you ever lose your phone or tablet, your IT team can use these tools to wipe corporate data remotely and quickly from the device, meaning you won’t have to worry about a simple mistake causing a catastrophic data breach for your company.
David Shephard, Vice President Sales – Asia Pacific and Japan, Bitglass