Smartphones are the UKs number one device when it comes to accessing the internet. Smartphone users take their phones everywhere with them. They are used on nights out, on the commute, at home and in the workplace. However, employees using mobile phones in the work place can be problematic for cyber security. They may contain vital business information that if leaked could harm the company. Users connected to the company’s network on their personal device could also leave the organisation’s systems vulnerable to hackers. There are five real risks when personal mobile devices are used in the workplace.
1. Physical Access
As with all devices, physical access increases the risk of data being compromised. The mobile nature of smartphones makes the risk of physical access greater because they can be easily lost and fall into malicious hands that will exploit them for any valuable data. A seasoned attacker will be able to easily circumvent a password or pin code, giving them access to not only corporate information on the device but also passwords that may allow them to breach wider security too.
2. Malicious Code
Mobile platforms are still subject to malicious code whether it be in malware, applications or simple spam – all of these can allow a hacker access to all the information on the phone and the network it is connected to. The majority of malicious code on phones comes in the form of links. These can be on adverts or in text messages and if the user follows the link, their device will become infected. This type of malicious code can provide a hacker with a huge amount of information and unrivalled access to corporate IT systems.
3. Device Attacks
Computer systems have long been vulnerable to individual attacks in the form of gaining control of the device or a denial of service. These attacks are now making their way onto mobile platforms. This is a direct means of gaining access to all the information on the device as well as what is shared through corporate systems.
4. Communication Interception
Wi-Fi is unsecure, there is already a large volume of technology that makes it easy to hack into Wi-Fi networks and this will also work on Wi-Fi enabled mobile phones. Like Wi-Fi, cell signals can also be intercepted to gain important information. This means that all communication from a smartphone can be intercepted. If it is only a social media password that is taken it can be frustrating but if corporate system passwords are intercepted, it could lead to a devastating attack.
5. Insider Threats
Can everyone in the office be completely trusted? Probably not. Mobiles can be used to facilitate attacks against the company. A malicious insider could stuff their devices memory cards with sensitive company data before taking this away and orchestrating a full on attack using this. The employee may not even aim to attack the company it could simply be a case of their personal cloud storage being infiltrated or applications using the corporate network to steal secrets. All of these could cause leaks the company is totally unaware of.
Are you taking mobile security in the workplace seriously? Is there more you could do to protect data?
Learn more at Cyber Security Europe 2016, part of IP EXPO Europe.