Is Your Mobile Device Putting Your Company at Risk?

Are you addicted to your mobile device? Most of us are. Everything is a tap or swipe away. You can check account balances, pay bills, order from online stores, deal with business email and documents, etc… Essentially, mobile devices allow you to manage your life untethered. Hackers realize that too and are targeting mobile devices more than ever.

Mobile apps containing malware may be the gateway to a cyber breach for your company. Hackers will exploit the malicious code which may be included in a seemingly harmless app like a simple game or quality of life app and take control of the device or peruse your valuable information, looking for something of real value.

So how does malware get to your mobile device? Some apps are deliberately developed with vulnerabilities in their code that may be exploited at a later time. Others are created with best intentions but include flawed code that hackers will scan for and exploit.   Once hackers have access to your mobile device they will often look to steal corporate or personal information such as organization network passwords, medical data, and bank account information. According to a recent article in Risk Management magazine Bruce Snell, Cyber Security Director at Intel Security said that “seventy-five percent of mobile apps we scan contain vulnerabilities”.

There are a couple risk factors related to mobile devices:

• BYOD – once a convenient way for organizations to provide connectivity to their workforce it can now be viewed as a potential risk as users may not keep their devices up to date, download apps containing vulnerabilities, and visit potentially dangerous websites
• Flawed app development – Apps developed by third parties or even in-house developers may contain unintentional vulnerabilities in their coding, giving hackers an entry point into the device or network

How does an organization combat this risk?

1. Acceptable Use Policies – An organization should lay out the ground rules of how corporate controlled devices should be used. Include this in your employee handbook and ensure staff is aware of the guidelines
2. Enforce Acceptable Use Policies with MDM software – Mobile Device Management (“MDM”) software will allow organizations to enforce their use policy. MDM grants the organization the ability to wipe lost devices, blacklist or whitelist apps, automate updates, etc.
3. Multiple Devices – It’s best if users have separate devices for personal and business use. It’s cleaner and reduces the likelihood that their personal use habits will put the organization at risk
4. Strict Enforcement and Audit of BYOD policy – If BYOD is utilized by your firm, users should comply with your guidelines before they are enrolled into your program. Ensure they have the latest security updates and aren’t jail breaking or rooting their device

Mobile devices have been integrated into everyday life and are here to stay.  While these devices provide numerous benefits they also present a variety of risks which must be managed and mitigated as part of organization’s overall cyber risk strategy.

Click to read the full article, “Downloading Danger, the Growing Threat of Mobile Malware”

Click here if you’d like help with structuring your Cyber Risk program or to request more information about The ALS Group.