Mobile Devices Security

Mobile Devices Security

With the existing threats to computers, mobile devices are more prone to cyber threats due to the latest technology which has not been tested against all possible security loopholes. Mobile security has always been a weak link for cyber attacks in organizations since the introduction of mobile devices to the internet. These issues have not just been brutal on Organizations but also on Non-technical mobile users, due to lack of awareness and the severity of their attack. 

The rapid pace at which mobile technologies evolve requires regular reevaluation of a mobility program to ensure it is accomplishing its security, privacy, and workplace functionality. Often, to achieve a completely secure environment and to fully mitigate the security challenges associated with Mobile information systems, built-in mobile protections may not be sufficient.  

Significance of Mobile Security statistics 

As observed, over 50 percent of business PCs are mobile, and the increase in Internet of Things (IoT) devices has been imparting new challenges to network security in this world of Mobile workforce. Consequently, IT must adapt its approach to security. 

Mobile device security threats are on the rise. In 2014, Kaspersky detected almost 3.5 million pieces of malware on more than 1 million user devices. By 2017, Kaspersky’s in-lab detection technologies processing reached 360,000 malicious files per day. And 78% of those files were malware programs, meaning that over 280,000 malware files per day were detected—many of which target mobile devices. The top seven mobile threats observed in 2020 are as follows 

  • Data leakage 
  • Unsecured wifi 
  • Network spoofing 
  • Phishing attacks 
  • Spyware 
  • Broken cryptography 
  • Improper session handling 

Wakefulness towards Mobile Device security 

A mobile device doesn’t only contain private information about the user but also about the business. Hence securing a mobile device is a necessary step in the world where hackers are seeking opportunity to breach into any available system. A mobile network security plan must account for all of the different locations and uses that employee’s demand of the company network, but there are some simple steps to improve mobile device security irrespective of the user being technical or non technical.  

  • Keep Security Software updated: In order to cover the vulnerabilities of your device, it is necessary to keep your operating system and mobile software updated. 
  • Antivirus: An authenticated antivirus usage protects the system from malwares and also informs the user if the device has been breached 
  • Unused apps: It is a good practice to delete all the unused applications from your mobile devices at regular intervals 
  • Strong password: To have a strong password not only benefits it from unauthorized usage but also if the device is stolen, the user’s account and other data remain the same. Also having biometrics locks on your system increases the security of the device. 
  • Security and Privacy settings: Using security and privacy settings on websites and applications to allow them access on your system or the information being shared is a prime concern these days. 
  • Wifi and Bluetooth: Disabling Wifi and Bluetooth when not in use can prove beneficial as these can be used by attackers to track the user’s movements. Few retail stores use this to track their customer movements inside their store. Also Public wifi’s are not secure and intruders can easily track your work through these networks 
  • Phishing: Multiple emails are sent to users from unauthorized sources with malicious links which can implant a malware on the system as soon as clicked. This malware can have the potential to delete your files or monitor your work. Thus any link sent on email or message should not be opened until from an authentic source. 
  • Device tracking application: Usually the Mobile devices have a tracking system available these days that needs to be activated by the user. This enables us to track our device remotely and remove the data from your device in case of theft or loss. 

Organizational Security 

Bring your own device: When an organization permits their employees to bring their own devices for work, it is not only a security challenge for organization but also brings a huge responsibility to the employee. Security of information in this environment can be accomplished by organizations using Mobile device management, which is a centralized manager, usually consisting of intelligent software running on a server or specialized hardware.  

This software has the ability to communicate out on the internet and with all of the mobile devices in encrypted format. Mobile device manager controls all the functionality of the mobile device linked to an organization, also capable of creating a partition in your device for organizational usage and the rest of the device can be used by the user for non business purposes. 

National cyber security center of Excellence updated two of its major publications in August 2019, where the primary was concerned with Mobile device security. This publication related to the security of mobile applications, including that agencies ensure they apply necessary security protocols throughout an application’s vetting process to ensure they are “reasonably free from vulnerabilities.” 

 Michael Ogata, computer scientist at NIST’s Applied Cybersecurity Division, noted that some of the main things lacking from an initial publication, released in July and updated on various threats based on industry-accepted standards like Common Weakness Enumeration (CWE), Common Vulnerability Enumeration (CVE), and the Common Vulnerability Scoring Standard (CVSS). 

Gema Howell, another computer scientist at NIST’s Applied Cybersecurity Division said NCCoE is working on a build for bring-your-own-device (BYOD) deployments that will include cloud-based tools to manage endpoints that aren’t provided by the government. Many agencies have remained reticent to adopt BYOD due to security concerns, but Howell said it will provide “an alternative to the fully-managed approach”.