Every Mobile Device You Have Has A Security Risk
By: Jim Stickley and Tina Davis
November 11, 2018
The world has become mobile. Working from the office is no longer the only option and being tethered to a desk is a thing of the past. Mobile phones, tablets, and laptops allow anyone to work from anywhere. Whether at home, in a coffee shop, or even on a plane, the office is now wherever you happen to be sitting.
Of course from time to time even the most nomadic employee must stop by the office and catch up. In most cases this will include connecting a laptop to the network or a mobile device to the office Wi-Fi. Even in cases where corporations block external devices from connecting directly to the corporate network, VPN’s and even exchanging email can open conduits through which malware can make its way.
This adds a significant layer of complexity for management and IT departments everywhere. This is because it’s impossible to know what employees do with their tablets, phones, and laptops once they leave the office. Do they browse to questionable websites where malware may be lurking? Do they have security software installed and updated? Did they download an app that has hidden malicious code? And most importantly, do they keep their applications and operating systems patched and updated?
No matter what your situation and no matter what policies your organization has implemented, ultimately your devices are at risk and only you can protect them from criminal activity.
Fortunately, there are a number of things you can do to reduce the risk and keep your devices and your organizations network secure.
The following list, when followed, will greatly reduce your risk and keep your devices and your organizations network secure.
- Make sure that you have anti-virus and anti-malware installed on all the devices you bring to the office. Set them to auto-update so you don’t have to worry about whether or not you have the latest versions. This really is your first line of defense in terms of software you can employ for keeping some dangerous stuff off your devices and off the company’s network.
- Work together with management and IT to determine what access they will have to your device to make sure it’s not adding unnecessary risk to their systems. After all, if you are using their resources, it’s only fair that they be able to ensure their risk is the lowest it can be and still allow personal device access.
- Stay tuned in to what cybersecurity risks exists for all your devices that you bring into the company. They do differ among smartphones, tablets, and laptops. They also are different based on what operating system is running on them. The threats also change from day to day and even hour to hour. Keep yourself aware of these and take what actions you can to avoid bringing them into the office.
- Respect any bring your own device (BYOD) policies your company has in place. They are in place so that you can keep your devices and they can still protect the network. Use caution when browsing websites. Just briefly passing by a malicious site can wreak havoc on the corporate network.
- Keep your mobile devices password protected when you are not using them. Be sure to use strong passwords or codes that are not easily guessed. Enable the automatic locking functionality so you don’t walk away and leave it unsecured.
- Avoid using social media while connected to the corporate network. Cybercriminals continue to actively use social media and social networking sites for phishing and to distribute malware. A few years back, major software companies fell victim to an attack that allowed cybercriminals to gather information posted on social media to gain trust in employees. This ultimately allowed them to gain access to the corporate network while the employees were checking their accounts from the office.
- Be sure to have a mechanism to automatically wipe the device in case it’s lost or stolen. It’s likely you will have it set up to get corporate email and/or check your calendar. If so, that’s a connection into your company and therefore, you need to be able to quickly clear the device of that link if it should go missing.
- As always, be very aware of what you’re clicking and tapping on your devices. Once they are on the network, if malware is on your phone it can very quickly and without notice end up worming its way through the corporate systems.
It’s important to know that while these tips are useful, cybercriminals are always adapting. Ultimately it’s up to you to remain vigilant and remember that if something seems strange or you have even the slightest concern, stop and get help from management or your IT department. It is always better to be safe than sorry.