How safe do you feel from an end user safety perspective when it comes to your mobile devices?
Corporate security has always been a priority for business, not just for compliance but also to keep the business running smoothly.
Thanks to the boom in remote working we now have the added complication of bring your own devices (BYOD) thrown into the mix. On average 30% of homes now contain a minimum of 5 connected devices. This is a seismic shift when you consider that as recently as 2017, one in ten people stated they did not own a single connected device. 85% of mobile phishing happens outside of email apps. Combining the fact that over 96% of mobile users have communication or social apps on their phones and organizations are sacrificing mobile security puts everyone at risk.
It almost becomes immaterial how information is being accessed. Whether it’s users at home using their corporate device logging onto Amazon or Ebay and entering their personal credit card details for those Christmas purchases, or users with their own personal devices that are also accessing their corporate data. Either way, personal or corporate, the merger of information is there. We can’t stop it anymore - and indeed, we shouldn’t.
But what follows is that being a victim of a cyber attack can also be a double loss. It can mean the loss of corporate data but also that of an individual. The corporate reputation and financial loss will be left by the business, and the individual may also suffer huge personal loss and all the personal welfare and stress that brings with it as a result.
Remember that any security is only as good as its weakest link. With nearly half of all data breaches occurring as a result of human error or glitches, the door is often wide open to potential attacks.
Let’s give some examples: Phishing.
Phishing is defined as “cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords”.
It’s rife - and even more so with this year’s boom in online shopping. The aforementioned Amazon is a case in point: as the world ramped up to the busy Black Friday and Christmas shopping period, we’ve seen a huge spike in phishing emails that feature an Amazon URL, with a 101% increase in phishing related to ‘Amazon’ in October 2020 vs. 2019.
According to Verizon’s 2020 Mobile Security Index, 85% of mobile phishing attacks are now happening outside of email. The key areas that are now being targeted are social media areas such as your favourite social media platform or even dating apps, and QR codes. They’re becoming more sophisticated and much more prolific, in many cases capitalising on the fear and uncertainty around this year’s pandemic to leverage their attacks. Action Fraud reported a large increase in romance scams in the summer months, with the average victim of romance fraud losing just over £10,000. The most popular platforms where these interactions had taken place were Facebook, Plenty of Fish, Instagram, Tinder and Match.com.
When it comes to QR codes, the increase in use especially in relation to the boom in contactless payment, also raises security concerns. QR codes have a whole host of vulnerabilities, not least replacing a legitimate QR code with one that launches a malicious URL or tries to download customised malware when scanned. According to a Mobile Iron survey, of the 38% of those surveyed who have scanned QR codes in the last month, almost three quarters (71%) of the respondents felt they would not be able to distinguish between a legitimate and malicious QR code. So there’s that open door again...
The dangers are real and are most definitely lurking…
So the big question is: do you, as the end user, feel safe and secure on your mobile device? And if not, what can you do about it?
The perception of mobile data management has been around managing your data, making it secure and protected and users don’t behave improperly, especially from a corporate perspective. In the current climate we need to protect the corporate data while enabling personal usage with no “Big Brother” interference which makes users feel intimidated. Securing the critical, protecting everything but giving no visibility to anything personal is key.
In our next blog we’ll look at the behavioural changes and actions you can take to protect yourself, and how our solution can support all of this so you feel more secure as an end user. In the meantime, if you have any questions around mobile security, please get in touch!