Cybersecurity experts love to talk about things like zero trust network access, cloud protection, and micro-segmentation. All those things are worthy of discussion. But sometimes it is the simpler things that really matter. Take small business and its use of mobile devices. It turns out that mobile devices are a huge cybersecurity risk for a lot of companies, a risk many are not even aware of.
Mobile Devices – Ubiquitous Yet Vulnerable
It goes without saying that mobile devices are ubiquitous. Just in terms of cell phones alone, there are now billions of them active worldwide. Throw in tablets and other mobile devices and you have a virtually unlimited supply of avenues threat actors can compromise from virtually any location. It is not pretty.
The Big Challenge
The big challenge with mobile devices is public access. Devices are designed with wi-fi capabilities in order to preserve data. But public wi-fi networks are inherently insecure. They are prime targets for hackers who have no problem sitting in coffee shops and airports looking for devices they can easily hijack.
Even without public wi-fi availability, there are ways to break into mobile devices. Some of them only require that hackers be within a few feet of a device ready to be compromised. That is bad enough for personal devices. But when you are talking company devices, you’re often talking access to extremely sensitive data as well as network applications and other services.
BYOD Only Complicates Matters
Company-owned devices are the starting points for trouble. But threat actors really don’t care who owns a cell phone or tablet. That being the case, bring your own device (BYOD) policies only tend to complicate matters. Companies often implement BYOD to save money and make life easier for employees. What they do not seem to understand is that employee-owned devices introduce additional security threats simply because they aren’t limited to company use.
Password Protection Is a Must
Breaching mobile devices doesn’t even have to occur by way of wi-fi or data connections. A cell phone inadvertently left on a coffeehouse table is just waiting to be swiped and exploited. For that reason alone, password protection is a must for all company devices and employee-owned devices with access to company data. The use of biometric protection can also be helpful when available.
Along with password protection is data encryption. This shouldn’t be a problem for company-owned devices managed by a knowledgeable IT team. It may be problematic in a BYOD setting. If a device cannot be encrypted, it should not be allowed access to company networks or data.
Don’t Forget Security Apps
Password protection and data encryption are just the starting point for protecting mobile data. Both are buttressed by a range of security apps designed to keep threat actors out. Just like a company secures its computers and network infrastructure with app-based solutions, they need to do the same for mobile devices. Failing to utilize security apps is yet another invitation to disaster.
Mobile Devices Are a Weak Link
Mobile devices make doing business more convenient. They make it possible for team members to stay in the loop even when they are not physically in the office. But here is the fundamental truth, a truth we take seriously at Hillstone Networks: mobile devices are a weak link in the cybersecurity chain. In some small businesses, they are the weakest link.
Perhaps your company cannot afford to do without mobile devices. Fair enough. But you also cannot afford mobile devices that are not as secure as they possibly can be. Don’t take chances. Make sure all your mobile devices are protected against cybersecurity threats.
