Are Smartphones the Achilles' Heel of Your Company's Cybersecurity?

June 17, 2019

Remote working is slowly becoming a trend to watch for, and companies all around the world are mostly willing to accommodate. Studies suggest that companies spend as much as $350 per employee every month to provide company-issued smartphones and laptops, which is not that negligible of a number. Regardless of that, only 11 percent have taken more than a single measure to keep their mobile networks safe from a potential data breach.

Cybercrime Is on the Rise

Speaking of recent studies, one of them found that the widespread usage of company smartphones caused several corporate data breaches. And the financial consequences can be downright mind-numbing. In fact, they reached a total of $7.8 million in the last year alone. Taking a look at the statistics presented by ONS doesn’t make things any more reassuring either. Did you know there were more than 1.7 million incidents of cybercrime between April 2017 and March 2018?

The 3 Phases of Cybersecurity

So it goes without saying that companies should invest more resources and effort into reinforcing their cybersecurity. This starts with picking the right software. According to the industry experts, cybersecurity should be approached in a linear order, and these are the 3 phases of it:

Detection
Prevention
Containment

With that being said, an ounce of prevention is worth a pound of cure, so patching up any holes remains an important part of the overall strategy. Keeping your internal network malware-free today will save you a ton of problems tomorrow.

A Company-Wide Policy Will Get You Far

There is something the companies can do that is beyond the technical cybersecurity measures. Namely, coming up with a company-wide mobile threat defense policy. Observing the landscape reveals that numerous companies are starting to recognize the importance of investing money into educating their employees. By undergoing rigorous training, they are able to recognize the most prevalent cybersecurity threats and suspicious-looking emails.

Another important aspect of keeping the company tech safe is using a unique password on every account. It’s also important to change them periodically.

What Are the Top 3 Cybersecurity Risks to Be Aware Of?

Knowing the risks is half the battle. Otherwise, how are you going to fight it if you can’t pinpoint the threat you’re up against?

1. Phishing attempts

Phishing is a clever trick designed by hackers to trick you into handing over your sensitive personal details. Often, they are able to accomplish this by passing themselves as a form of authority and pressuring you into handing over your login credentials. They don’t ask for them directly; rather, they try to divert you to a fake login page that serves no other purpose than to steal information from unsuspecting victims.

If sensitive company details fall into the wrong hands, all hell breaks loose. And let’s not even get started on regulatory fines, the loss of trust, etc. Unfortunately, phishing attacks seem to be increasing in frequency, so taking extra care certainly won’t hurt. Bear in mind that these are not limited to email either; text message based phishing is another threat the companies need to be aware of.

2. Being too liberal with syncing company data with personal devices

You can take all the steps in the world to protect your company data. But what good does it do if it finds its way to a personal device with subpar protection against external attacks? On a similar note, using company devices for personal matters poses risks as well.

In normal circumstances, a personal device would get infected with malware in case the user lands on a malicious website. But as much of an impenetrable fortress your company devices may be, there is always something that can weaken their defenses.

3. Not taking enough time when choosing a VPN

VPN is one of the primary ways employees use to access a company network while they’re not physically present in the office. That’s because a VPN allows you to establish a secure connection regardless of your current location.

However, doing your research is a crucial part of the process when choosing a business VPN, as not all of them are equally good. Some free providers, for example, monetize their product in unethical ways, which involve selling your bandwidth, redirecting your browser and installing malware behind your back. Moreover, don’t forget that a VPN will only protect you from certain cyberthreats, so exercising common sense is still needed.

Harold Kilpatrick is a cybersecurity consultant and a freelance blogger for NordVPN. He's currently working on a cyber security campaign to raise awareness around the threats that businesses can face online.

With the advent of Internet of Things (IoT) technology and Industrial Internet of Things (IIoT), the cyber security practices are increasingly getting integrated with the physical security practices.

We will provide insight on NDAA Section 889 and how the act has evolved and impacted business, so that organizations can better mitigate risk and stay compliant.