Mobile has changed how businesses must approach security and protect not only their information but the information of their customers as well. Telecommuting and BYOD add to the mix of security issues that modern businesses must concern themselves with.Here we take a closer look at these issues.
Mobile Payment Security Issues
Mobile payment technology isn’t as safe as many people think. While companies such as Apple and Google are working to ensure users that their data is completely safe, consumers are not convinced. Even so, it is not all bad news for mobile developers in 2016. According to recent Forbes article, some features of mobile payment process are secure. Near Field Communication (NFC), for example, does not require physical credit cards. However, there are many other ways for hackers to get their hands on user data; it all depends on the security of the mobile payment product. Though companies are making an effort to authenticate, tokenize and encrypt user information before letting transactions proceed, no system is perfect. While most vendors and consumers like the idea of leaving credit cards at home and go mobile, it is still not clear whether this is a sure thing. Attackers still see the opportunity to attack this growing platform.
Communication Interception
WI-FI enabled mobile devices are prone to the same attacks that affect other WI-FI enable devices. The knowledge and tools to hack into wireless networks are readily available online. This makes WI-FI hacking easy to carry out. In addition, hackers can intercept and encrypt cellular data transmission. User sessions for online services can also be hijacked. For businesses with employees who use free Wi-Fi hotspot services, they are more vulnerable to attacks as hackers may get access to the entire business database.
Mobile Browser Hacking
Researchers have identified major security and privacy issues in popular mobile browsers. This year, users should expect some online security flaws with their mobile browsers. And it should be noted that the vulnerability is not limited to any single mobile browser. This will be a bit of problem, not only for users, but for site owners as well. Hacking via a mobile browser will enable the hacker to compromise the entire device. Exploiting a browser vulnerability can let the hacker bypass its several system security measures. And mobile browsers are more prone to web vulnerabilities as malicious messages come from many sources. These sources include but are not limited to social messengers, instant messages, emails, QR Codes, in-app redirects and even SMS.
Attacking The Cloud
Users should expect an explosion of attacks on the cloud. There will be malware specifically designed to bypass system-level security measures of these cloud-based systems. And because mobile apps rely on the cloud, mobile devices running malicious applications will make these attacks even more fruitful for hackers. Cyber-criminals will be able to attack private cloud systems and access business networks. However, this does not mean that such problem cannot be prevented. Users can ensure critical exposures are mitigated and that the risks are minimal.
Downloading Malicious Apps
While third party app stores are a major risk; malicious mobile apps are also finding their way to official app stores like Play Store and iTunes App Store. The majority of mobile security breaches through 2016 will be the result of installing malicious apps. These apps are capable of auto-synchronize data with personal cloud services. These apps can easily leak personal data to hackers. Moreover, a growing number of mobile applications request permission to gather data that they do not need. Many of the free apps contain adware that captures information like contacts, information, device ID and so forth. This adware can trigger accidental web requests and even leak personal or business data to a third party.
So users need to watch out when downloading apps from the app stores. Users might want to install an anti-virus protection plan that can detect malicious apps. And unless you trust the source, you shouldn’t download the app. Also, if you jailbreak or root your mobile device, you are also weakening your device’s security. This will disable security features and put you at higher risk of being exploited by security vulnerabilities.
Internal Attacks
If you think hackers are the biggest mobile security threat to your business, you cannot be more wrong. Internal attacks are the biggest threats, as it is quite easy for individual who already have access to sensitive information to abuse it. Less than happy employees can also steal devices and physical data. To minimize your risk of insider attacks from discontented employees, make sure as soon as you let an employee gothat they no longer have access to your system. This should be done before termination if at all possible.
What do mobile security threats mean for businesses?
Mobile security threats continue to be an escalating problem, new research shows. The problem is that there is a lack of visibility into the mobile security threats that businesses are experiencing. In other words, some of these threats are already happening in the business world but often unbeknown to the companies affected. Businesses must not wait until their security is breached to take action. There are a few security solutions that can proactively tackle mobile security threats. Businesses should educate employees about ways to avoid putting company data at risk through phishing emails, use of public WI-FI and not updating apps on a frequent basis. In order to minimize risk and manage information security in workplace, businesses should:
- Create preventive controls to ensure that uninterested parties cannot access their network.
- Determine authentication and encryption measures to protect against hackers.
- Assess apps to determine potential risks so that only approved apps are downloaded to devices.
- Ensure that cloud and data service providers offer proper security measures.
Final Thoughts
Mobile security threats will continue to advance in 2016 as hackers are using every means available to break into users’ devices. These threats are increasing and lead to security breaches, data loss and regulatory compliance violations. Businesses therefore must take steps to minimize this problem in order to stay safe in today’s mobile-first environment.
[su_box title=”About Kimber Johnson” style=”noise” box_color=”#336588″]
Kimber Johnson is the co-founder of ASPEN App Design, which is a sister company of Pacific App Design and Vanity Mobile Apps. He has worked within the web development, graphics design, mobile application development, marketing and advertising fields for over 17 years.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.