With the advent of advanced smartphones, our communities and businesses have become more mobile than ever before in the last decade. The ease of operations along with instant access to the resources has totally changed the way we see work now. Surprisingly, it didn’t even take many years for mobile technology to become a part of our extended reality. We have adopted it in our lifestyle without any resistance and this behavioral change has occurred irreversibly.
Work has shifted from on-premise to everywhere. You might be sipping a cup of coffee in an airport while attending a meeting with your team spread across all the different locations. The network within which you are working has spread dramatically to the space which is out there in the open. The network perimeter has dissolved and our devices are exposed to the whole world while at work.
Does that mean we are taking security for granted? Are we really secure to conduct our business in such a setup? For how long are we safe until we get listed in a hacker’s target list? What kind of cyber attacks are happening through phones in the world? How can we prevent ourselves completely? These are few of the questions we would be addressing in this feature.
Reasons for Security Compromise on Mobile Phones
With the dissolution of network perimeter, the threat surface of organizations has grown much larger. Below are few points that make your smartphones more vulnerable for conducting your business.
Mobile Data Storage
To work mobile, you obviously need data access from anywhere. That means your data has to be stored either on Cloud or your local drive in your phone. This increases the risk of leakage of confidential information in case your phone gets hacked.
Gateway to a Larger Network
Because of being connected to a larger network, e.g. a stock broker using mobile to perform transactions, mobile phones can act as a gateway to a larger network for hackers to attack. Forget about mobile phones, even lesser sophisticated IoT devices are proving to be enough for hackers to intrude a network and steal sensitive information.
GSM or Wi-Fi attacks
The hackers may try to eavesdrop on your Wi-Fi or GSM network. The GSM network uses encryption algorithms belonging to the algorithm family called A5. Ever since this encryption algorithm was made public, it has been proven that it can be broken by hackers within hours.
Public Wi-Fi networks can also be easily broken by the hackers to distribute malware into the connected devices. Hackers can eavesdrop the communication while being able to steal login credentials or hijacking accounts.
Mobile devices are handy. That is as much of a risk as it is an advantage. Even when your mobile is not hacked, just a physical possession of it can amount for a big loss. Of course you can keep your devices secure through passcode or fingerprint access, yet research from Kaspersky Lab shows that almost 52% of people still don’t password-protect their devices.
Few Real-life Incidents
There have been more than 55 million attacks on mobile phones recorded just last year. The month-wise numbers can be seen in the below illustration for the last two years.
Few of the major incidents that made it to the top news are:
WhatsApp used to inject Israeli spyware on phones
In an incident that took place on one of the most widely used app, WhatsApp, in 2019, a malicious code developed by an Israeli company called NSO Group, could be injected in users’ phone through voice calls on WhatsApp. The company immediately realized the loophole that allowed such an incident and patched the flaw.
Walgreens Data Breach
In another incident last year related to Walgreens, the second-biggest pharmacy chain in the US, it was reported that an error in their mobile app with more than 60 million downloads allowed users to view other users’ private messages. It exposed many private information such as names, prescription details and shipping address.
Under Armour Password Leakage
Under Armour is a sports and fitness company that has its mobile app called MyFitnessPal. In an attack, nearly 150 million users’ passwords to the app were cracked giving the hackers access to all the information about the users’ diet routines. Nearly a year later, some of these records were found available for purchase in the dark web.
Managing Digital Identities: The Most Prominent Security Solution
Just like users, mobile authentication is an integral part of enterprise security solution. Only verified mobile devices must be allowed to use enterprise’s resources. They have to be authenticated through digital certificates that allow security measures in the following areas:
- Email Access: Devices with digital certificates allowed to access corporate email servers.
- Email Encryption: That allows encrypted communication and prevention from phishing attacks.
- Secure Wi-Fi: Similar to the computers that can access your corporate Wi-Fi, you can install certificates too on mobile devices to allow them to your Wi-Fi network.
- VPN Access: VPN connections can be configured to allow devices with pre-installed certificates to access corporate network.
Beside these areas, using Digital Certificate Management Solution would have added benefits like better user experience, increased security and low-cost solution. With features like auto-enrollment of certificates, it leaves no gaps in the availability of certificates and thereby, providing ceaseless connectivity.
While there are other measures too you can take to secure your employee’s mobile devices, Certificate Management Solution is one of the most advanced security features you can adopt. In this blog, we haven’t even scratched the surface of the immense benefits it can bring to your organization.
To know more on this, schedule a call with our experts.