Published Apr 12, 2023 by Xiph
Mobile devices have a much bigger attack surface than desktops, making them a more significant threat to corporate security. That’s because smartphones, laptops, and tablets are a treasure trove of information. We also use them for personal purposes like doing our online banking, shopping, and sharing personal photos – making them an attractive target to cyber criminals and a double whammy for users. That’s why it’s important to properly secure them.
What is mobile device security?
Mobile device security in the cyber world is designed to protect sensitive data and assets stored on and transmitted by mobile devices such as smartphones, laptops, tablets, and even wearables, as well as the network connection to those devices.
Securing mobile devices requires a multi-layered approach, and while each strategy will be unique to specific business or personal needs, mobile device security comprises universally agreed components such as endpoint security, Virtual Private Networks (VPNs), secure web gateways, email security, etc.
Read more: What’s a VPN & how does it work?
Why is mobile device security important?
Mobile device security is critical to corporate cyber security as mobile devices have a much bigger attack surface than desktops. From a business standpoint, mobile security protects enterprise data, applications, and systems stored on PCs and IoT devices remotely connected to a business network. Mobile device security must account for all the locations and uses that employees require while connected to a company network, and must account for the possibility of an employee losing a mobile device or the device being stolen. Conversely, as more companies embrace bring-your-own-device (BYOD) policies, it opens them up to attacks should unsecured devices connect to corporate servers and sensitive databases.
From a personal standpoint, smartphones and computers have become a mainstay in our everyday lives. But many underestimate the value portable devices hold, including emails, texts, contact lists, and even passwords. This information needs to be protected at all costs.
Mobile device security threats
Here are the most common mobile device security threats:
- Malicious or intrusive mobile apps
- Phishing scams
- Poor encryption or broken cryptography
- Data leakages
- Spyware
- Network spoofing
- Connecting to unsecured Wi-Fi networks (i.e. man-in-the-middle attacks)
All these threats fall within the category of web-based threats, but there are also physical threats like if your devices are stolen, damaged, or impacted by a natural disaster.
11 ways to properly secure your mobile devices
Mobile device security threats are always evolving, but there are some tried and tested ways to mitigate risks.
VPN: Always use a VPN when connecting to a corporate network from a remote location or when using public Wi-Fi. This encrypts your internet traffic and shields your internet connection and location. Organisations can use Always On VPN alternatives that automatically connect the client and VPN upon sign-in. Plenty of third-party services are set up specifically for protecting corporate traffic from a mobile device to the internal network.
Encryption: Ensure all your mobile devices have their built-in encryption turned on in the settings and security section. Most computer operating systems (i.e. Windows 10, macOS, Linux) and mobile operating systems (i.e. iOS, Android) support Device Encryption.
Multi-factor authentication (MFA): Use MFA or two-factor authentication (2FA) on all your devices when possible. This requires a second or multiple methods of authentication when signing into devices, or logging into certain apps or websites. Additional authentication methods include biometric features, push notifications to another device, text messages, etc.
Secure gateways: A secure gateway sits between users and the Internet to enforce consistent internet and data security, and compliance for all users regardless of their location or devices used. It protects network connections and keeps unauthorised traffic out of your organisation's network.
Email security: Phishing is one of the common threats to organisations, so beef up your email security to monitor email traffic properly. This should help prevent or reduce the likelihood of email-based cyber threats such as malware, spoofing, identity theft, and other social engineering scams. Adequate email protection includes antivirus, antispam, image control, and content control services.
Vulnerability scanning: Use automated tools and penetration scanners to identify vulnerabilities in endpoints. Other endpoint security solutions include antivirus software, web filtering, application/patch management, endpoint encryption, and management, etc.
Auditing and device control: Track internet and media usage remotely and install remote wiping capabilities and tracking services on all laptops and tablets. This will ensure that whenever a mobile device is stolen or lost, the business can protect the lost data by remotely wiping the device or blocking access to it. Every business should have a BYOD policy with a strict remote lock and data wipe requirement.
Use a Faraday sleeve: Secure your mobile phone, laptop, and other portable electronic devices in a signal-proof Faraday bag or sleeve to shield them from wireless technologies and prevent hacking or tracking. This is particularly important if you travel overseas for work.
Backups: Set up automatic data backups for all your mobile devices, and cloud-based apps and services This will ensure you can get back your business information, contacts, and any relevant data should any devices be compromised or lost.
Updated software: Set up automatic updates for the latest security patches on your firmware and devices. Major mobile services providers like Google’s Android and Apple’s iOS roll out new updates every few months.
Mobile device management (MDM): This is a set of policies and technologies that control the configuration, monitoring, and management of your employees’ personal devices, such as phones, tablets, and laptops. Mobile Application Management (MAM) oversees the management of applications on mobile devices.
A final word
The mobile threat landscape is always evolving, which means organisations and IT teams need to always account for more vulnerabilities and update their security requirements accordingly. A strong mobile device security policy will go a long way to keeping your business safe from threats. For more information, contact us via email: enquiries@xiphcyber.com.
Posted in: Security
Related reading
Mandatory Data Breach Notification Scheme in effect
Feb 12, 2018
For quite some time, businesses have been able to self manage their IT problems and most importantly their security breaches, when I say breaches I mean possible hackers who could be trying to get your personal information. On February 22nd those security breaches will no longer be “self managed”, as the Australian Government has finally made it so businesses are legally obliged to report such incidents, there has been many failed attempts to bring this scheme to light, many different Governm...
Public Wi-Fi security tips + how to stay safe
Oct 26, 2022
The convenience of free public Wi-Fi is hard to resist but can cost you if you’re not careful. The dangers of using open wireless networks are twofold. Firstly, your connection is not secure (and can therefore be easily compromised) and secondly, your data is often unencrypted – leaving you open to hacking and identity theft.
How to protect your privacy on mobile devices
Nov 22, 2016
We are all familiar with identity theft – but it used to be as simple as someone stealing your wallet and using your credit card. Now, with digital technology extending into every avenue of our lives, hackers can do much more. Most of us carry around our smartphones without giving too much thought to the risks. But if hackers target your phone, that embarrassing photo could easily find its way online, your bank accounts can be vulnerable to theft, and even your location can be revealed.