Mobile devices such as smartphones and tablets are a constant focus for cyber criminals. They are not only constant companions in everyday life, but are also used to transfer sensitive data without being subject to the same security rules as local work computers.
Operators of so-called critical infrastructures, which are responsible for providing basic services to the population, must exercise particular caution. Just recently, for example, it became known that the security deficiencies at Berlin’s water utilities have increased dramatically. A hacker attack could mean several weeks of disruption to the capital’s wastewater supply – a scenario with serious consequences, but one that is generally avoidable with good security standards.
In the following, Materna Virtual Solution describes the five biggest security risks posed by the use of mobile devices in KRITIS companies.
1. Unauthorized apps
On personal devices that are also used for professional communication, users try out apps at will, and messengers such as WhatsApp are particularly popular. However, the risk of installing malware is high. In addition, very few people are aware that many applications can cause unwanted data leaks: by confirming the terms and conditions, the user gives the app permission to read their own address book. This is fundamentally a violation of the GDPR.
2. Insecure WLANs
Open Wi-Fi networks are available almost everywhere in public spaces: restaurants, cafés and airports all offer hotspots, but most of them are unencrypted. Access is therefore very easy for all users, including hackers. They can easily spy on data and even give the network a trustworthy name to attract potential victims.
3. BYOD & COPE
It is now commonplace to use private devices for business purposes or vice versa. The two models “BYOD” (Bring Your Own Device) and “COPE” (Corporate Owned, Personal Enabled) mean that data is moved back and forth between business and private areas – for example, when business data is stored in a private Dropbox account. Not only does this increase the security risk, it also makes it difficult for companies to comply with the GDPR principles.
4. Password protection and encryption
Work computers are usually password-protected and well secured. But what about private devices? Passwords on smartphones are often chosen carelessly and there is no encrypted communication – hackers have a particularly easy time gaining access to sensitive data. The devices are also mobile and can be lost or stolen.
5. Patching
Updates for smartphones and installed apps are necessary to close security gaps before attackers can exploit them. In practice, however, it is difficult for IT administrators to regularly check every single BYOD device in the company.
The attack surfaces for hackers are becoming ever more diverse and increasingly hard to keep track of due to mobile work on different devices. However, even the smallest security gaps can lead to major damage. IT decision-makers should therefore give top priority to security and raising employee awareness, especially in KRITIS companies.
In this blog post, we explain what a secure solution looks like and what points you need to consider.


