The Real Risks Of Mobile Technology In The Enterprise
Smartphones have made work extraordinarily flexible. But keeping them safe has gotten tough as sophisticated and dedicated hackers seek to exploit bring-your-own-device (BYOD) environments.
"Because BYOD combines enterprise and personal data on one device, we're keeping a lot of data on these phones," said Andrew Blaich, a Lookout security researcher who spoke at this year's Interop ITX.
Some mobile attacks are invisible, as the malware vanishes before even the most astute users get suspicious. Mobile spyware has gotten good at covering its tracks, even deleting itself. By removing evidence of the attack after a quick data dump, attackers hope to fly under the radar so they can prey on more victims.
And not all attacks come from apps and malware. Building a spoof cellular tower is a minor expense for a high-value target, one that is difficult to detect. (Information about the cell tower to which a phone connects is typically hidden.) It's also inexpensive to build. "You can make your own cell site for less than $1,000," Blaich said. "These cells try to get your phone to connect and then funnel voice and data traffic wherever they want."
When it comes to protecting enterprise mobile devices, your everyday users may be the most important link in the security chain. Working with colleagues to ensure they protect their mobile devices will keep data and networks safe.
Blaich offers these tips for staying ahead of mobile attackers:
Keep devices up to date by pushing out updates regularly.
Remind users to avoid suspicious
links, especially from unknown senders.
Send suspicious links and apps to cybersecurity organizations like US-CERT.
Conduct continuous monitoring of the network, or enlist a managed security services provider to do it for you.
And, if you think an attack is underway, "act quickly to protect yourself, your team and your organization," Blaich said.