Introduction to Mobile Security Threats in IT

By CIOReview | Thursday, September 22, 2016

The ways of consuming internet has rapidly transformed from a 14 inch laptop or desktop screen into a modest screen of just five inches on mobile devices. Now, the mobility feature of devices has provided a way for seamless computing and storage of data files, sending mails, and even uploading files on the cloud.  However, the risks of security and information breaches are a high for organizations that have turned to all mobile-environment when compared to those that are still utilizing desktops.

Rise of Mobile Security Threats in IT

To bring into the light, the dizzying pace of digitization, the 2010 IDC report found that, the sale of smartphones has outpaced PC sales. Organizations can easily execute mundane tasks through the use of mobile devices to complete their work such as answering emails, scheduling meetings and other disseminating confidential data and information. Usage of mobile devices no doubt serve as a productivity factor for enterprises by scaling activities and operations involving flow of exhaustive volume of data but, also becomes as vulnerability point for hackers to break through the firewalls and access sensitive information.  Statistical data on hacking of organizational and customer information has often revealed a less appealing picture of companies that woke up to embrace reality and gear up after the aftermath of security breaches. In order to avert damages to the stakeholders and organizational integrity of firms that have adopted mobility practices as well as prevent exposure of customers’ information that mostly cost dearly to companies, it is essential to classify and demystify the types of IT risks.   

Types of Mobile Security Threats in IT

Like viruses and spyware affecting the PC’s, there are several security threats that affect mobile devices.  The security threats can be classified into Application- based, Web-based, Network- based, and physical threats.

Mobile applications indeed provide convenience and seamless functionality, allowing users to choose the best to serve their needs. Developers on the other hand are creating wide array of applications for various functionalities and activities. Moreover, anyone can create and develop an application which further poses security issues to mobile devices. Some of the malicious apps are unlicensed and is specifically designed to commit fraud. These serve as an vulnerability and entry points for companies to encounter application-based threats like  malware attacks, and spyware, privacy threats.

Mobile devices are frequently connected to the internet for accessing web based services. Web-based threats comprise of phishing attacks, drive-by downloads, and browser exploits are common. Phishing attack is scam to trick users by using social engineering through mobile apps, facebook, twitter, and text messages. It takes advantage of users’ behavior and gain access to sensitive data by allowing the users to simply  click on links.

Alternative to phishing scam, the drive-by downloads automatically downloads applications while visiting any web page and run them in the back-end. In addition, Browser exploits as the term suggest, visits the unsafe web page and installs malwares or spyware into the device.

Network spoofing involves creating fake access points in traffic locations including libraries, and coffee shops. Moreover, users get encouraged to connect to the network are requested to create an account to access the network.  The risks can be prevented by not disclosing personal information when connecting to any free-WiFi. Free WiFi is not all for free after all.

Lastly, since mobile phones are handy and can be carried with us everywhere, the loss or theft of devices increases the risk of information exposure and identity thefts. The devices can be further sold and user may end up losing his sensitive information as well as organizations.

Simple Ways to Secure Mobile Devices against Threats

The benefits of mobility in the organizations can be lost if the smartphones and tablets are not adequately secured against security threats. The ways of securing mostly includes enabling user authentication. This method involves mobile devices connecting to the internet and  authenticated by creating password or PINs. The password should also be masked to observe and further eliminate unauthorized access.

Authenticity also plays a pivotal role when applications are downloaded. It can be ensured by implementing a two factor authentication when conducting sensitive transaction on mobile devices. Two factor authentications add an extra layer of security by enabling additional information of the user, along with a password and username. Moreover, mobile devices can be included as the second factor of the two factor authentication, by generating pass codes, or the codes can even be sent to the phone via a text message.  Anti-malware capability should be installed to protect against malicious applications, viruses, and spyware. In addition, anti-malware capability can also wipeout the unwanted voice messages, text messages, and e-mail attachments.

Additionally, installing security updates frequently can fix vulnerabilities against unauthorized access.  Establishing a mobile device security policy determines the organizations rules, principles and practices and covers areas such as roles and responsibilities, infrastructure security and the security of wireless devices.

After all, Smartphones and tablets are effectively taking the place of desktops while offering lesser level of security and control compared to desktops.  Certain smart devices from RFID and chips to thermostats can’t always be monitored and protected by antivirus solutions. Moreover, users should prevent downloading leaky apps that stores any sensitive personal and corporate data in an insecure manner.