In 2020, the number of daily smartphone users in the world totals 3.5 Billion or 45% of the world’s population. However, the total number of people who own a smart or feature phone is 4.78 Billion or 61% of the world’s population. As with anything, the more popular it gets, the more likely it is to be attacked by hackers. Thus we are seeing a dramatic rise in Mobile device attacks similar to the one CyberHoot discussed relating to Jeff Bezos.
Mobile Security Risks
When companies are looking to secure their businesses, most are looking at the traditional threats; ransomware, DDoS attacks, securing firewalls, securing servers, ensuring data is backed up, etc. What many companies do not yet realize is that through mobile devices, hackers are seeing and stealing your company’s sensitive information.
Verizon’s Mobile Security Report for 2020
A Verizon study of 1,100 cybersecurity and business professionals published in Q1 of 2020 found that about 40% said they had been compromised through a mobile security incident. This is up from 33% just a year ago. Of the 1,100 professionals, 55% of them said that the repercussions of a mobile security compromise were long lasting. Furthermore, the report showed a lack of care and understanding surrounding mobile security, with 62% of companies sacrificing mobile security for expediency.
How Are People Getting Hacked?
The way attackers are getting into these mobile devices is similar desktop or laptop attacks. First, hackers are targeting you through phishing attacks. Second they are attacking through malicious, public, unsecured WiFi network attacks. Verizon found 72% of employees use public WiFi networks, including 55% of employees at companies who prohibit them from doing so.
Verizon’s report concluded that nearly half of the professionals interviewed have fell for multiple phishing attacks in the past.
What Can Be Done?
The first thing that can be done is by ensuring you and your employees aren’t using public WiFi when accessing sensitive information. If you must use public WiFi to access the Internet, setting up a secure VPN connection can significantly reduce the likelihood of getting breached.
Setting up two separate WiFi networks in your business is strongly recommended as one should be a Trusted Wi-Fi Network and one should be a Guest Wi-Fi Network. Having visitors and guests at your business that need to access the Internet can use the guest network, which allows them to only have access to the Internet and none of the sensitive information involved with your network.
Having employees sign on to the trusted network is best practice, while authenticating them with Active Directory (AD). A network that is AD authenticated will have you enter your AD username and password to validate you’re still an active employee.
Defending Against Phishing Attacks
The good news is that phishing attacks are one of the easiest things to train your employees on how to spot and avoid. Follow these best practices to reduce your likelihood of being breached by a phishing attack.
- Train your employees on how to spot, avoid and delete phishing attacks.
- Test your employees with Phish Testing attacks; re-train those that fail in your tests. CyberHoot.com offers free phishing tests for qualified Clients and MSPs. Simply email Support@CyberHoot.com and we will contact you to complete the testing.
- Purchase and train your employees on how to use a Password Manager. If you visit a phishing website and try to enter your password credentials using a Password Manager, you will NOT be able to. Employees reusing passwords will absolutely enter their credentials.
- To protect the Internet from phishing attacks using your domain name to trick users; setup SPF, DKIM and DMARC records to block the receipt of emails masquerading as your domain name.
Fixing these two issues can help improve you and your business’ cybersecurity hygiene. These are popular weaknesses in today business’, but they are also the easiest risks to fix. Training employees to use best practices and becoming aware of how they are being targeted by hackers is one of the easiest and most effective ways to secure your business.
Related Reading: FBI: The Most Perpetrated Cybercrime Is Not What You Think