Smartphones and tablets are popular mobile work devices in everyday business life. While employees appreciate the flexibility and freedom of mobile devices, they are unfortunately also a popular and frequently used target for hacker attacks. In this blog article, you can read more about the three biggest risks lurking in mobile working.
Many companies allow their employees to use business smartphones for private purposes (Corporate Owned, Personally Enabled – COPE) or private smartphones for business purposes (Bring Your Own Device – BYOD). However, both of these models are a real target for cyber criminals. If they are successful with their attack, they kill two birds with one stone, so to speak: they gain access to both private and professional data. To ensure the security and protection of their data both on the mobile device and in transit, companies must be aware of the risks involved in mobile working and take targeted protective measures.
Protection against unsafe and fake apps
There are numerous fake apps in circulation in the well-known app stores that look deceptively genuine but are actually fake and have been infected with malware or ransomware by hackers. Once downloaded, these apps gain access to the mobile device and can access both private and professional information or even lock the device and demand a ransom. Another risk factor is messenger services such as WhatsApp, which offer end-to-end encryption of data during transmission (data in transit) but do not encrypt the data on the device (data at rest). To make matters worse, WhatsApp can read users’ metadata.
Data protection for mixed use of mobile devices
The GDPR stipulates the integrity and confidentiality of data. Mixing private and business data on a mobile device therefore constitutes a violation. In order to make their employees’ mobile communication and collaboration GDPR-compliant, companies must therefore either rely on the use of company devices that may not be used privately, or opt to equip BYOD or COPE devices with a container technology that guarantees the strict separation of private and company data and applications. The advantage of this technology is that all important office functions such as email, calendar, contacts and documents are protected against unauthorized access within the container and communication between the mobile devices and the company’s own IT department is also seamlessly end-to-end encrypted by the container. This means that business data and applications are protected even if cyber criminals manage to gain access to the mobile device.
Raising employee awareness of data protection and data security
Raising employee awareness of data protection and data security issues is at least as important as a secure communication and collaboration solution, as employees are often unaware of the risks. Cyber criminals exploit this lack of knowledge and develop increasingly sophisticated attack methods that are barely recognizable as such for untrained employees. Phishing attacks are particularly popular, in which fraudsters send deceptively genuine-looking emails or chat messages and try to persuade users to disclose confidential data or open attachments that allow spyware or malware to get onto their mobile devices. Companies should therefore offer their employees regular IT security training to ensure the protection and security of company data.
Mobile devices are both a blessing and a curse for companies. On the one hand, companies can enable their employees to work flexibly and ultra-mobile, thereby increasing satisfaction. On the other hand, mobile devices are a popular target for cyber criminals. To ensure the protection and security of internal data, companies should rely on a secure communication and collaboration solution and regularly sensitize employees to the topic of “IT security”.