A majority of employee cybersecurity awareness focuses on desktops, laptops, or specific applications, but hackers are looking for any device on a business’ network that they can take advantage of. This includes mobile devices, such as phones and tablets, that employees may not always see as attack targets. To keep your small business secure, it is crucial to include every mobile devise in your cyber security training, so we want to focus on three of the most common cyberattacks that target devices that help keep your employees on the go.
Malicious Applications
One attack vector unique to mobile devices is when malicious actors upload applications to app stores that contain malicious code. These apps will generally attempt to serve a purpose and have the appearance of a legitimate application, but they contain malicious code that can perform a variety of functions once downloaded onto a company device. These malicious applications can exfiltrate data or be used by malicious actors to lay the foundation for future attacks. Businesses can put limitations on the apps that company devices can download, and it is recommended to monitor any device apart of a BYOD policy that may introduce malicious apps to your network.
Smishing
Smishing, which stands for SMS phishing, functions similarly to traditional phishing campaigns. Hackers will use stolen phone numbers instead of email addresses to try and convince employees to provide sensitive information or perform actions that put the company at risk. Malicious actors will often try to impersonate company VIPs to give a sense of urgency to the text messages they send, and this can cause an employee to act before they think about the legitimacy of the text message. Just like with phishing, even a single response can put the company in danger, and employees should be trained to identify smishing attacks and report them to your IT department or IT consultant.
Data Theft
Whether it’s through malicious applications or smishing, malicious actors will go to great lengths to infect mobile devices with spyware. Websites can even have their advertisements infected with malware that will install itself on mobile devices when the ad is clicked. One goal of this malware can be to simply monitor the infected device and siphon important business information to hackers. This information can then be sold on the dark web or used to plan future attacks against the company. Spyware is especially dangerous because it can be difficult to detect as it only focuses on monitoring the device and won’t cause any suspicious activity.
Summary
Mobile devices can offer malicious actors a fruitful attack vector, but this doesn’t have to be the case. Monitoring the applications downloaded onto company devices, instilling the best habits for responding to smishing attacks, and stopping spyware before it can infect your mobile devices are all services provided by the best IT consultants. Our team here at Robinett Consulting believe small businesses deserve every edge they can get, and our security specialists offer complimentary consultations to small businesses to see if we can provide you with the tools and training needed to keep your business running safely and securely!
