What's the hottest time of year for hacking mobile devices and stealing identities?
The stretch between Black Friday and Christmas.
As you can imagine, the massive amount of traveling during this time, combined with employees who may be a bit more careless than usual, leads to mobile devices that are more vulnerable than ever.
So how do you keep the holiday season from being a marathon hacking event?
We've got some ideas.
For example, when the average mobile user is on-the-go - traveling or even eating outside of the workplace - they usually don't have much choice when it comes to Wi-Fi networks.
Even if they have a choice, they typically gravitate towards the easiest network connection they can find...yes, even employees who have been trained when it comes to mobile security.
Think of the last time you were at an airport or in a different town for the holidays or even a work vacation.
Was mobile security a primary concern for you?
When was the last time you thought about security when answering your long list of business emails, or finding Wi-Fi in a crowded pub?
It's rarely a priority — which opens the door to these common forms of mobile attacks on travelers:
- Wi-Fi network hacking
- Phishing emails
Wi-Fi Network Hacking:
Steal information as it travels between a mobile device and a wireless network hub.
Skilled attacks can not only see data being sent through a network but also change it as it passes. If that's sensitive or financial data, you have a big problem. The sneakiest attacks even pretend to be perfectly safe Wi-Fi hotspots sponsored by the business — but are really controlled by hackers who can watch what you send and collect it for themselves.
By now, the average employee knows about the existence of phishing emails, those fake messages you get that try to convince you to part with financial or identification info. But knowing about them and avoiding them are two different things!
When the holidays get busy and people get distracted, it can be a lot easier to fall for phishing scams on the go. This is especially true with more complex scams that work hard to mimic official government or organization emails that even experienced workers can fall for.
Juice-jacking is a little more complicated: It focuses on charging cables that can also act as data cables (the iPhone 7, anyone?).
These more advanced connections have their advantages, but "free" public chargers can be hacked or replaced with malicious versions that can use those chargers to steal information from phones...and continue stealing info even after the phone is unplugged.
How can you help employees prepare for mobile hacks?
Don't trust employees to remember everything they learned in early training! Traveling can be stressful and distracting — which makes it even easier to make mistakes.
You can help prevent these mistakes by being proactive. When the holidays or traveling plans come up, be sure to talk to your employees! Communication and education are effective deterrents to mobile missteps.
Try these tips.
- Regularly hold meetings and training sessions to introduce employees to the latest mobile threats and why the company is concerned about them. Buy-in results in far more attentive employees.
- Before trips or vacations, send out company-wide emails or other reminders to talk about basic mobile safety.
- Accept that people will use their work email over holidays, at whatever Wi-Fi networks are available. Look for solutions that protect data more effectively for mobile devices. Measures that keep data on phones are ultimately ineffective. To really protect against this kind of on-the-go threats, consider using a VMI (virtual mobile infrastructure) strategy that keeps data off of mobile devices as much as possible.
What are the must-haves when combating mobile attacks when traveling?
If your current mobile security or BYOD strategy focuses primarily on workplace security or in-house practices, you may need to think more about how employees and data both function when traveling. This needs to be part of your security solution.
On-the-go protection should ideally include:
App selections and protections.
The problem here is that if security is too app-focused, it can interfere with employee lives and holidays. Think how annoying an automatic remote lock or wipe would be in the middle of your holidays.
However, limiting what apps can be used for business purposes can still be helpful.
A way to keep sensitive data off of devices.
This is why we prefer VMI solutions, which house sensitive data on servers and allow virtual access to apps via any mobile device. It's the best of both worlds.
Of course, for most employees, holiday plans are only a couple weeks away, and as much as I believe in you, it may be hard to implement a full mobile security solution throughout all apps and devices in that timeframe. Which brings us to a more practical point...
We realize the holidays are upon us, so you may need a quick solution to hold you over until you find a more comprehensive, long-term solution.
Here's our advice:
Teach everyone to double-check that the Wi-Fi network they are using.
No matter where you are, you need WPA2 protection. Also teach them to avoid public Wi-Fi connection. We'd suggest that you guarantee this, but that's probably impossible, even with the most devoted employees. The most you can do is communicate the information, send out one last reminder, and follow these guidelines yourself as closely as possible.
When anyone gets a business email over the holidays, they should check the address, the contents, the letterhead, the sign-off, and everything else.
Always double check before believing what the email says or clicking on any links in the email. Sometimes, even this isn't enough.
Chances are good there are a certain "family" of emails circling around your particular industry that are expertly designed forgeries: Remind everyone of these emails before they leave work.
Avoid public charging stations.
We know, we know, public charging stations solve a lot of problems — but it's still a new technology that's struggling with security problems.
If you're traveling with a mobile device, we suggest investing in a mobile battery pack instead. There are plenty of these packs, including some that charge in your car and some that are components of your luggage, made for easier travel.
While the above solutions may give you something to do today — they're not real solutions. Luckily, there are products like Avast Mobile Security that offers free mobile protection.
Now onto the long-term
As a company, you should be looking for an enterprise mobility solution.
Just do a quick search into mobile hacks solely from 2016 and you will see why a long-term mobile security solution is so important.
When it comes to finding a solution, our Enterprise Mobility Management eBook may be helpful. It's a thorough overview of mobile security solutions like containers, MDM, VMI, etc.
Each solution is defined in detail — flaws are exposed and actual solutions to today's mobile security ecosystem are offered. Check it out.