These days, just about everyone has a smartphone. But what you do with it can have serious repercussions for both your personal privacy and security, as well as for your organization’s sensitive data. Read on to see how you might be putting both at risk, and what you can change to improve your mobile security stance.
Failing to lock down your device
While it may not be the most effective form of security (in fact, it’s arguably the weakest), a device lock is still a first line of defense. Whether it’s locking your phone with more advanced technology like the iPhone 5S’s fingerprint scanner or using a more simplistic method like a PIN or password lock, locking your device locally can be the differentiating factor that keeps your lost phone protected long enough to track it down or wipe it remotely.
Not having the most up to date (and therefore the most secure) versions of your apps
Apps are often released with vulnerabilities, and sometimes those security flaws even manage to persist throughout multiple updates and iterations of the software. By the time developers finally get to patching the vulnerabilities in their apps (like the recent issues with the LinkedIn Intro app for iOS that allowed attackers to easily spoof profile information), users could be multiple versions behind if they aren’t diligent about keeping up. Downloading updates as soon as possible after they are released can keep users from posing a security risk to their companies simply by using their apps.
Storing sensitive, work-related data on an unauthorized device
Storing your company’s sensitive data on your private device isn’t an egregious sin if your firm has a BYOD arrangement available for its employees. If it does, that means that tabs can likely be kept on any of the private information that’s being stored on your mobile device (and if those sorts of measures aren’t in place, that’s a whole other issue).
But storing company information on unauthorized devices and/or private devices when a BYOD program isn’t in place is just asking for a breach. Even worse is if the employee in question is keeping the data in a location on the phone that is being synced up with cloud storage during backups, so keeping business and personal data separate is key.
Opening questionable content
There are a number of ways users can access shady content via their mobile device. Messaging poses a particular threat in the form of SMS. Spam texts containing links to sites that pose threats are not unheard of, for example, and users should avoid opening links from sources they don’t recognize.
Equally risky is downloading apps from third-party app stores. Apple and Google may not be flawless in their approach to weeding out questionable apps from the App Store and Google Play, respectively, but at least there is some sort of screening process. When you download software from untrusted sources that are not, for example, Google- or Apple-approved, there’s no telling what kind of malicious software you may end up with.
Not adhering to your company’s social media policies
Most companies have some kind of policy in place regarding disclosing sensitive information or data over social channels, so it’s important that you learn it so that you can use social media on your mobile device responsibly (or, in the case of some policies, not use it at all). While some social media slip-ups may be obvious, like disclosing insider information or data, even sharing seemingly innocuous information about your company can be problematic. That means no writing Facebook posts about that coworker of yours who just got fired, no matter how tempting it may be.
Not equipping employees’ devices with some form of MDM or encryption
This one is on corporate and IT. Employees/users don’t control MDM, but companies should always have some sort of encryption or MDM in place for all devices that have access to their networks and private data. This is especially true in the case of BYOD, where users are using their own mobile devices for work and are therefore more likely to lose them, or otherwise put themselves in a position where they could compromise sensitive data.
Using public or unsecured Wi-Fi
When it comes to using Wi-Fi instead of your phone’s data connection, stick to what you know is secure, like networks with WPA2 encryption. Open, unprotected networks are entirely too risky, especially for users who are carrying sensitive company data on their devices. Aside from making it all too easy for others to access your mobile device’s information by sharing the same network, public Wi-Fi can even allow attackers to hijack your device through your apps. A vulnerability was recently discovered in some iOS apps, for example, that allowed attackers to intercept the traffic between the app and a public Wi-Fi server and instead send their own data to the victim’s phone, including malicious links or fake news.
Source: Associated Press