Building Resilience: Three Ways to Defend Your Company Against Mobile Threats
As we already showed in this series, it doesn’t matter whether your company has 5, 50 or 50,000 employees. If you have a mobile workforce (and these days, who doesn’t?), you are at risk of a mobile attack. Attacks on small businesses are growing, and consequences are especially severe – over 60% of small to medium-sized companies that are hacked never recover and go out of business within six months. In spite of this, smaller businesses tend to only spend a tiny amount of their IT budget (less than 10%) on security, which is part of the reason that hackers see them as easy targets.
Large enterprises tend to spend more, but they also have a different set of vulnerabilities. For one thing, hackers know they can pay more. For another, there are far more people with mobile access to their network, which, considering the danger posed by human error or carelessness, increases the risk of something, somewhere going wrong. Take, for example, a case where stolen credentials from an HVAC (heating, ventilation and air conditioning) vendor gave hackers access to the network of one of the ten largest retailers in the United States. The retailer estimated that the breach ended up costing them over US$202 million (RM833 million).
Understanding mobile threats
If every business is at risk, it follows that every business needs to take precautions. The good news is that there are steps you can take right now to strengthen your defences against mobile threats. The even better news is that you have taken one important step already: reading articles such as this one and gaining a strategic understanding of a very modern threat. You can’t protect yourself against an invisible enemy.
The fact is that cybersecurity, and mobile threats in particular, is not fully understood by many business leaders. Consider that in Asia Pacific, a quarter of organizations surveyed reported a cyber security incident, but an even greater percentage had no idea whether they had been breached or not.
With so many companies out there taking little to no precautions against mobile attacks, hackers simply have to reach out for the lowest hanging fruit.
How to move higher up that tree
Regardless of whether you are a small, medium or large business, there are three vital steps to make yourself less vulnerable to attacks:
- Educate your employees
Are your employees aware of the risks involved with downloading apps? Do they know how to create and remember strong passwords? Are they updating their smartphones frequently enough to keep them safe?
Make sure each employee understands threats, what a breach can cost your company, and how to reduce vulnerabilities. Train them in best practices for password hygiene, checking app sources and permissions, locking down their physical devices, and all other safety precautions for any device that interfaces with company data, personnel or systems.
In addition, always keep in mind that you are dealing with human beings who are fallible by nature. The risks are too great to hope that all information presented in a single session will sink in. To create a truly solid mobile security culture, reinforce the lessons learned on a regular basis.
- Implement mobile security policies
Providing information on how to protect your company is the first step. The second is ensuring that employees actually follow best practices in mobile security. If you already have cyber security guidelines, make sure these are up to date to include mobile threats.
This will put you ahead of most companies, whose policies have been found to include only early forms of protection (such as limiting network security to firewalls) and to leave out more recent, dangerous, and costly threats such as ransomware and phishing.
Encourage everyone who has access to your network and data to protect your company’s interests. Establish, share, and enforce strict mobile security guidelines that cover both company-issued and personal devices used for work.
- Contain the threat
Once hackers have access to, say, a smartphone, it takes time for them to breach your network – but not a lot. We’re talking less than a day, and the most sophisticated hackers can accomplish this in less than 20 minutes. Therefore, you need a way to know immediately when any employee device has been breached.
Once alerted, you have to be just as swift in containing the threat to prevent it from spreading. The speed required is more than you can ask of a person or even a team. However, a solid mobile security solution can offer this, as well as several other layers of protection.
Keep in mind that a mobile security solution is not the same as antivirus. There are numerous solutions on the market, so how do you choose the right fit for your needs? This question will be answered in our final article.