Mobile devices have become indispensable tools for businesses of all sizes. For small businesses, in particular, the flexibility and convenience offered by smartphones and tablets can significantly enhance productivity. However, the increasing reliance on personal mobile devices also brings a host of security risks. According to Kaspersky’s Annual Threats Report for 2023, malware attacks on mobile devices increased 32% last year. (1) Cyber terrorists target personal mobile devices, because they understand that many remain completely unprotected. This brief blog will identify the risks associated with using personal mobile devices for work tasks, the importance of multifactor authentication, and recommend five essential security protections for employees.
What Are the Risks?
As more employees use their personal mobile devices to access work-related information, small businesses face several critical security challenges:
- Data Breaches and Loss of Sensitive Information: Personal devices often lack the robust security measures implemented on corporate devices. This increases the risk of data breaches, where sensitive business information can be accessed by unauthorized parties if the device is lost or stolen.
- Lack of Control Over Security Measures: Businesses have limited control over the security settings and software installed on personal devices. Employees may not always follow best practices for device security, leaving gaps that can be exploited by cybercriminals.
- Increased Vulnerability to Malware and Phishing Attacks: Personal devices are more susceptible to malware and phishing attacks due to the variety of apps installed and personal browsing habits. Cybercriminals often target mobile devices with malicious software designed to steal data or disrupt operations.
- Challenges with Ensuring Compliance with Security Policies: Ensuring that employees adhere to company security policies on their personal devices can be challenging. This non-compliance can lead to security vulnerabilities and potential breaches.
Spotlight On MFA
Multi-factor authentication (MFA) is a security measure that requires users to provide two or more verification factors to gain access to an application or system. It is a critical component in securing mobile devices, especially when accessing sensitive business information. According to Google, MFA prevents 99% of all bulk phishing attempts.
Despite its importance, many personal devices used for work do not have MFA enabled. This oversight significantly increases the risk of unauthorized access if a device is compromised. By requiring multiple forms of verification, MFA makes it much harder for attackers to gain access to business systems and data.
Top 5 Recommendations
With solutions such as Microsoft’s Intune, small businesses can afford to manage mobile devices effectively and security. However, many employees balk at offering that level of control to their employers for personal devices. As a result, to mitigate the risks associated with mobile devices, small businesses should educate their employees on the following security best practices:
1. Use Strong, Unique Passwords and Change Them Regularly
Encourage employees to create strong passwords that are difficult to guess and to change them periodically. A strong password policy can significantly reduce the risk of unauthorized access. In 2019, hackers exploited weak passwords to gain access to 100 million Capital One credit card applications. (2)
2. Enable Multifactor Authentication (MFA) on All Work-Related Apps
MFA adds an extra layer of security by requiring additional verification steps beyond just a password. Employees should enable MFA on all applications that access work-related data. In fact, the 2021 Colonial Pipeline ransomware attack highlighted the need for MFA, as the lack of this security measure contributed to the breach. (3)
3. Keep the Operating System and All Apps Updated
Regular updates often include security patches that fix vulnerabilities. Employees should ensure their devices’ operating systems and applications are always current. For example, the famous WannaCry ransomware attack in 2017 exploited outdated software, affecting numerous organizations worldwide. (4)
4. Avoid Using Public Wi-Fi for Work Tasks or Use a VPN
Public Wi-Fi networks are often unsecured, making it easy for attackers to intercept data. A study by Norton found that 60% of users believe their personal information is safe when using public Wi-Fi, despite the risks of data interception. (5) Employees should avoid using public Wi-Fi for work or use a virtual private network (VPN) to encrypt their connection.
5. Regularly Back Up Data and Use Encryption Where Possible
Regular backups ensure that data can be recovered in the event of a device compromise. Encryption adds an extra layer of security, making it harder for unauthorized users to access data. The 2021 ransomware attack on JBS, a global meat processing company, demonstrated the importance of backups, as the company was able to recover data without actually paying the ransom – in the end. (6)
Conclusion
Managing mobile devices in a small business environment presents unique challenges, but with the right security measures, these risks can be mitigated. By educating employees on the importance of strong passwords, multifactor authentication, regular updates, secure Wi-Fi practices, and data backups, small business owners can protect their sensitive information and maintain operational integrity. Implementing these recommendations will help ensure that mobile devices remain valuable assets rather than potential liabilities.
Dynamic Edge Can Help
Since 1999, Dynamic Edge has helped hundreds of small and mid-sized businesses maximize the return on their technology investment. Contact us today for a free network assessment, so that we may help you implement cost-effective security solutions to keep your organization and its clients safe and productive. Our Help Desk features friendly, experienced engineers who answer calls live and solve more than 70% of issues on the first call.
- https://www.kaspersky.com/about/press-releases/2024_global-mobile-banking-malware-grows-32-percent-in-2023
- https://www.cnn.com/2019/07/29/business/capital-one-data-breach/index.html
- https://www.techtarget.com/whatis/feature/Colonial-Pipeline-hack-explained-Everything-you-need-to-know
- https://usa.kaspersky.com/resource-center/threats/ransomware-wannacry
- https://www.nortonlifelock.com/us/en/newsroom/press-kits/2022-norton-cyber-safety-insights-report-special-release-online-creeping/
- https://www.nytimes.com/2021/06/09/business/jbs-cyberattack-ransom.html
