Mobile devices in the office

Today’s advanced mobile devices are well integrated with the internet and have far more functionality than mobile phones of the past. The smart phones of today are increasingly used in the same way as personal computers (PCs), which potentially make them susceptible to similar threats affecting PCs connected to the internet.

When companies welcome the devices onto their networks, they also welcome the added risk of mobile security threats. If not carefully managed, they can put the company’s systems and data in jeopardy.

 

Mobile threats to a company’s network

  • User managed devices - most companies have a “bring your own device” policy which allows employees to bring personal devices into the office. However, most times, these mobile devices are insecurely configured or lack stringent security features. These deficiencies present vulnerabilities which can be exploited to gain access to the device or to launch a cyber attack. Once connected to the company’s network, theses potential risks are transferred to that network and opens the company to possible cyber attacks.
  • Untrusted networks – Oftentimes, we find employees who access company emails or other company platforms via their mobile devices. Company information are most times saved on these devices. Once out of the office, these mobile devices can be used to access untrusted networks or Wi-Fi connections. Once connected to an untrusted network, a malicious user can use this connection to infiltrate and view information on the device, hence having preview to company information.
  • Insecure Mobile Applications – The manufacturers of mobile devices and operating systems have made it easy to download and install applications. However, some mobile applications come with built in vulnerabilities specifically designed for malicious purposes; while others have unknown vulnerabilities. Further, some mobile applications before installation, require access to other applications and in haste to install these requirements are often times overlooked by the user. Any risk or vulnerability to the phone is then passed on to any other device or network that the phone will be connected to.
  • Location Services – Most mobile devices include GPS, which can be used to share the device’s location to allow services. If accessible to the potential attackers, GPS can also be a powerful tool, indicating the location of the device and the behavior of its owner, such as the people and systems the person can physically access.  

 

The Guyana National Computer Incident Response Team  (GNCIRT) recommends the following tips to safely connect mobile devices to a network.

  • Restrict or prohibit BYOD devices on the network - Allow access to only low-risk environments, such as guest Wi-Fi on an isolated network.
  • Require authentication to unlock the device – enable the personal identification number (PIN) or password to access the mobile device, if available; encrypt personal and sensitive data, when possible.
  • Avoid joining unknown Wi-Fi networks – Delete all information stored in a device prior to discarding it and maintain situational awareness of threats affecting mobile devices.
  • Maintain up-to-date software - including operating systems and applications.
  • Avoid the used of third-party applications – third party applications are not authorized by mobile device manufactures and cannot be trusted.
  • Add access controls - to the company’s desktops, laptops, and servers to prevent connection with a mobile device.
  • Limit the use of location services - to a set list of apps or restrict specific apps such as those used for social networking or photo publishing.
  • Establish a Bring Your Own Device Policy – If employees are allowed to use their personal devices for company business, make sure you have a formal Bring Your Own Device (BYOD) policy in place.

 

References

  • Security of Mobile devices (January 17th, 2020). Received from BtCirt

          https://www.btcirt.bt/security-of-mobile-devices/

  • Mobile Security Threats to your network: Top 7 and Tips (November 15th, 2017). Received from Calyptix Security

          https://www.calyptix.com/top-threats/mobile-security-threats-to-your-network-top-7-and-tips/

  • The risk of staff using personal devices for work (May 8th, 2019). Received from Leaders Choice Staff

          https://www.leaderschoiceinsurance.com/blog/the-risks-of-staff-using-personal-devices-for-work/