The growing need for data mobility and corporate mobile devices means cybersecurity strategies must be adapted to the evolving post-COVID reality.
Reality has changed significantly for companies, with the mobility of both information and devices increasingly becoming fundamental pillars for success. However, this landscape presents numerous cybersecurity risks.
According to Check Point, almost 30% of businesses suffer from cyberattacks caused by the security compromise of a mobile device. Because mobile devices are now so intrinsically linked to corporate networks, a breach in mobile security can have a devastating impact a company’s entire IT infrastructure, leading to downtime as well as loss of business and brand credibility.
Providing employees access to important business information via mobile devices improves productivity, but also exposes companies and their networks to significant risk. Many businesses mistakenly try to solve this problem by employing endpoint management solutions, but soon discover that approach ineffective against sophisticated zero-day threats.
To avoid potential security breaches, here are some tips from the cybersecurity firm for companies to consider:
- Request user authentication: It is important to establish security measures such as screen locking by means of a password or built-in biometric authentication. This limits unauthorized access and forms a first barrier that keeps information on the phone protected.
- Encrypting data on mobile devices: Data encryption is a fundamental solution to protect both the information stored on the devices and the information that it sends. Without the decryption key, unauthorized users will not be able to access the data. Also consider VPN since this provides a secure Internet connection by using private servers in remote locations. All data traveling between the device and the VPN server is securely encrypted.
- Keep the operating system and apps updated: Apply the latest available security patches for your device’s operating system and trusted applications regularly. New updates usually have the latest security fixes and patches.
- Avoid connecting to public Wi-Fi networks: These types of connections are unprotected and pose a very high risk to corporate data, since they are easily hacked through Man-in-the-Middle attacks. It is therefore important to turn off the ‘automatic connection’ function on your mobile device.
- Limit application downloads to trusted sources: Downloading and installing any type of program that come from third party sources can pose a serious risk to the privacy of corporate information, as well as to the integrity of the device itself. (Note some caveats)
- Do not forget to backup: In case of a mobile breach, or a mobile malware attack that makes the data inaccessible, or simply because a device is lost or stolen, the impact of the data loss should be minimized by having it accessible and up-to-date elsewhere. Make automated backups from mobile devices part of the IT security routine.
- Enable remote data access and deletion: The possibility of theft or loss of a device means it is important to have access tools to lock it and even remotely delete the data it contains. In this way, unwanted access to sensitive corporate information is prevented.
- Take precautions against mobile phishing: Check Point notes that 23% of phishing attacks during the first quarter of the year were directed at smartphones. Avoid clicking on suspicious links or files that could trigger the download of malware.
- Browse only secure websites: When visiting a website from a mobile device, make sure it is protected with an SSL security certificate (check for HTTPS before the domain name), which encrypts the user’s data. (TLS is also becoming common.)
- Conduct security audits on mobile devices: It is important to periodically check the ‘health’ of mobile devices to detect vulnerabilities and security holes that may pose a risk to the entire corporate network.
Said Yael Macias, Check Point’s product marketing manager: “While companies must adapt to new realities that drive data connectivity and mobility, it is essential they are aware of the challenges that this poses to corporate information security. Given the growing number of devices connected to corporate networks, companies should adopt a cybersecurity strategy based on threat prevention that can scale and protect a larger number of devices and connection points.”