More businesses are shifting technology from standard desktops to tablets and smartphones. This means sensitive data stored on mobile devices. Unfortunately, the uptick in digital storage comes at a time when malware and phishing schemes are rampant.
Mobile Devices and Cyber Risk
Smartphones outsold PC products in the last fiscal year. Their security lags behind that of traditional computing and is a breeding ground for malware, phishing, and other cyber threats. Firewalls, encryption, and antivirus software are underdeveloped or non-existent in the mobile phone world, and social networking features and the basic operating systems are not updated as much as personal computers.
Some firms have unwisely ignored the threat that storing more data on mobile devices poses to security. Consider an executive who loses his smartphone containing a blueprint of the company's past and future direction in the form of photos and documents. Continuing the example, suppose the executive also failed to back up the data onto a secure, external hard drive; the phone's data would be irretrievably lost.
Mobile Security and Business
The risk of losing data is not exclusive to fields like law and healthcare, which both require companies to handle a large volume of sensitive client data. An alarming 53% of companies reported archiving sensitive data from customers on mobile devices. This percentage is expected to balloon further as businesses shift from traditional desktops to mobile phones and tablets.
A BYOD - bring your own device - policy is something many businesses are eager to implement. An information technology online community survey found that over half were pushing their employees in a BYOD direction.
That said, malicious applications, domain-name poisoning, and jail-breaking schemes (overthrowing the manufacturer's operating system) all the future of BYOD initiatives.
Reasons Businesses Face Extra Risk
Approximately one-third of cyber attacks are now aimed at businesses with fewer than 250 employees. The reason behind this statistic is twofold:
- Larger companies have spent more money on high-end security measures to prevent cyber attacks; and
- Phishing schemes and malicious applications prey on relatively unaware and unprepared businesses (which tend to be smaller companies).
In spite of the evidence that cyber attacks and hacking are taking place, many prefer the route of least resistance - outright denial.
Risk Management
Employees should be advised to only download apps from reputable sources. Google Play or Apple's iPhone store are two examples of reliable purveyors of apps.
Malicious websites pose a threat with phony URLs in the hopes of transferring malware and spyware onto mobile devices. To combat this particular cyber threat, employees should only visit trusted websites and use extreme caution when opening suspicious hyperlinks.
Phishing schemes target their victims with links in text messages. The link resolves to a fraudulent site and often steals personal information like bank account data. Ignoring suspicious texts that request personal information can do much to mitigate cyber risk.
What's The Solution?
Establish a clear policy that outlines whether and how employees may use personal devices at and for work. Training can go a long way in making sure that employees understand how to avoid phishing scams and other attacks. Despite these precautions, there is still a possibility that your business data will be compromised. To manage this risk, talk with your risk advisor to determine the best solution for your cyber risks.
