Years ago, CEOs and managers didn’t want consumer devices in the workplace as they were considered a distraction. Today, businesses that do not allow workers to use mobile devices are putting themselves at a competitive disadvantage.
The important thing to understand is that an increase in mobile devices increases the chances of a breach, to the point where all companies should accept the fact that it’s probably going to happen. There needs to be a focus on understanding what to do when the breach occurs and how to mitigate against it before serious damage is done. Increasingly common consumer mobile devices open up the enterprise to all sorts of cybersecurity threats.
Below are some ways that employees’ mobile devices can put corporate networks at risk:
- Data leakage: Mobile apps are often the cause of data leakage because users give the apps on their phones all kinds of permissions without checking security. These apps can send personal and corporate data to a remote server.
- Unsecured WiFi: When employees are out and about, they’re accessing corporate networks with little or no thought to the risk posed by public WiFi networks that are not secure, when at coffee shops, airports, or even while at a sports event.
- Network spoofing: Speaking of public places, network spoofing is another user-caused vulnerability. Hackers set up fake access points that look like Wi-Fi networks in high-traffic public locations such as coffee shops, but they are traps. When users are prompted to create an account to access this free WiFi, they typically use an email address and password they’ve used elsewhere. Then what? Then the hackers gain access to email and other secure information, including corporate data.
- Phishing: Apparently, people checking email on mobile devices are much more vulnerable to phishing attacks since they check their email so frequently. In addition, on a smaller screen, it’s easier for a phishing email to pass as a legitimate one.
- Spyware: Simply put, spyware is software that gathers data from a computer or other device and forwards it to a third-party.
- Broken cryptography: Broken cryptography happens when app developers use weak encryption algorithms with known vulnerabilities because they want to develop the app faster. Broken cryptography also happens when app developers use strong encryption but leave open back doors.
- Improper session handling: Improper session handling results from apps being built in such a way that users don’t have to re-authenticate their identity. Yes, this makes using mobile apps faster, but it makes it easier for a hacker to impersonate legitimate users.
How Dandemutande can help you?
The employee is actually the weakest link in the security chain. As a customer-centric organisation, Dandemutande has an obligation to not only provide the best but the most secure service, as unhygienic cyber behaviour will compromise the customer’s data and networks. We, therefore, offer Cybersecurity Awareness Training (CAT).
CAT is a strategy used by organisations to educate employees or computer system users on existing and new information security concerns. This awareness training helps both employees and management understand IT governance issues, be aware of security concerns, as well as learn the importance of appropriately responding to incidents.
This training is to educate employees on protecting their computers, mobile devices, personal information and online safety from various cyber criminals prowling the web for potential targets. The purpose of security awareness training is to help the user develop essential competencies necessary to tackle possible security challenges. CAT is one of the most effective strategies to reduce exposure to various cyber threats.