While businesses were laser-focused on securing computers and servers, devoting much of their IT security budgets to protecting them from a breach, mobile devices have become a major threat. The rise of business cloud apps and mobile device capabilities have created an environment where mobile devices are used to handle about 80% of the work in the average office. But they’ve been largely overlooked when it comes to network security. For example, many companies rely on employees to use their personal devices for business but don’t monitor device access to business data. A recent report from Verizon, the Mobile Security Index 2021, uncovered many troubling statistics that relate to the threats facing companies due to lack of mobile device security.
Over Half of Companies are Experiencing Breaches via Mobile Devices
The report found that 53% of surveyed companies have suffered a mobile device-related security breach with major consequences. Seventy-one percent of companies say that mobile devices are “very critical” to their business, thus those devices are handling more of the work and are becoming a higher risk than other types of technology.
Employees & Employers Aren’t Yet Taking Mobile Security Seriously
Of those companies that had a mobile device security breach, 54% said that at least part of the fault lies with user behavior. Users tend to feel that mobile devices aren’t the thing they need to worry about when it comes to malware and phishing. So, they do things on their smartphone that they wouldn’t on a business workstation. Statistics show that:
- 49% of employees allow friends or family to use their work mobile devices.
- 93% of Android devices are running outdated operating system versions.
- Additionally, there’s been a 600% increase in visits to adult content websites on work devices throughout the pandemic.
But employees aren’t the only ones to blame for attacks on mobile devices becoming such a big security threat. Here are some of the stats that show companies also haven’t handled mobile security very well:
- 92% of companies aren’t taking any technical measures to block the use of unprotected public Wi-Fi on company devices.
- 31% of companies weakened their app installation restrictions due to the pandemic.
- 45% of companies that prohibit social media use on work devices know employees do it anyway.
Mobile Apps Can Be Dangerous
Companies are relying on mobile apps more than ever. Three-quarters of business leaders say that their use of mobile business apps is growing. For instance, apps can be dangerous for two key reasons.
- Data Leakage: Some legitimate apps have security flaws that cause them to leak data.
- Mobile Malware: Malware is often hidden inside a fully functioning app and can unleash ransomware, spyware, and more.
1 in 25 mobile apps has been found to leak credentials. Without a policy in place to restrict the types of apps employees can download onto devices used for work, all data and accounts the device is attached to can be compromised.
Steps to Improve Your Company’s Mobile Device Security
There’s no better time than now to take the steps needed to improve mobile device security. Even if you’re a small business, just one breach can lead to major consequences like a ransomware infection throughout your entire network. Here are some of the things to do to secure employee use of mobile devices at work.
Use a Mobile Device Management Application
Mobile device managers provide companies a way to keep track of all employee devices that have access to business apps and data. They’re also particularly helpful with a BYOD (bring your own device) policy for separating the “work” part of a phone from the personal side, so you can protect your data without sacrificing privacy. When you use a mobile device manager, things like employee offboarding and onboarding become much easier and you’re better able to ensure devices are secure. Some of the things these applications do include:
- Allow remote update management
- Instantly grant or revoke access privileges to a device
- Remotely lock or wipe a stolen or lost device
- Monitor device access to business data
Put a Cloud App Use Policy in Place
Most companies don’t allow employees to download just any software onto their business computers due to security concerns. They should do the same with mobile apps and restrict the apps that can be installed on work devices. Dangerous apps often appear in legitimate app stores for days or weeks before they’re removed. People can easily be fooled into thinking “I can just delete it” so they’re lax when it comes to what they download on their phones. A policy with enforcement mechanisms needs to be in place to safeguard against mobile malware.
Use Security Best Practices, As You Do for Computers
Mobile devices need many of the same best practices adopted that computers have. These include:
- Email spam filtering
- DNS filtering
- Virtual Private Network (VPN)
- Screen locks
- Patch/update management
Get Expert Help With a Mobile Security Plan
Copperband Technologies can help your southern Kentucky or Middle Tennessee business ensure you have a solid mobile device security plan in place, so you’re not left at risk of a breach. Contact us today to schedule a consultation! Call 931.263.8000 or email us.