June 3, 2019

Are your mobile users cyber secure?


With the vast amount of corporate and personal data on smartphones and tablets today, mobile devices have quickly become attractive targets for cyber crime. As attacks increase year over year, how do you protect the security of mobile users on your network?

Keeping mobile users safe and networks secure are critical security challenges. According to industry research, the number of malware attacks on mobile devices nearly doubled in 2018, growing from 66 million in 2017 to over 116 million.

A vulnerability in WhatsApp, the popular messaging platform, enabled malware to be installed on iPhone and Android phones with the potential intent to tap calls made with the app. WhatsApp issued a patch and implemented fixes on its backend infrastructure to prevent devices from being compromised.

Within hours, our team at Field Effect identified apps with vulnerable versions of WhatsApp as well as devices with vulnerable versions of iOS that could be potentially leveraged against WhatsApp.

Cyber security for mobile devices

Minimizing your threat surface is the first step toward safer devices and networks. When you consider the threat surface of a mobile device—all the different entry points where an attacker could gain access to the device and apps, steal data, or even compromise a network—understanding the risks goes a long way toward building an effective defence.

Equally important is ensuring users on your network follow best practices to keep their phones, iPads, and other devices secure. Many best practices for endpoint protection also apply to mobile device protection, with a few additional considerations.

Our tips below touch on guidelines from the Department of Homeland Security’s Computer Emergency Response Team (CERT) and offer a good checklist for your users.

Remember physical security

  • Keep your mobile device within safe reach. Don’t leave it unattended or make it easy for others to gain access.
  • Be cautious about connecting your device, via USB cables, to unknown or untrusted devices for charging or doing data transfers. Depending on configuration settings and existing operating system safeguards, others could gain access to your device.

Patch software and hardware regularly

  • Keep your device’s apps and operating system updated at all times.
  • Understand the lifecycle of your mobile device. Devices often have limited lifecycles, may have hardware flaws, or may no longer be supported by manufacturers. Consider how long you've owned the device, as well as the warranty and support terms.

Use strong passwords

  • Password policies can help users take greater responsibility for securing their devices and reduce risk to the network. Microsoft has provided a few tips on setting password policies.
  • Password managers are also great tools for taking the pain out of remembering passwords and ensuring the most secure passwords are used.

Disable WiFi and Bluetooth

  • WiFi, Bluetooth, NFC, and other remote connectivity services on mobile devices can introduce a potential entry point for attacks. It’s always best to disable these services until needed.

Protect data with encryption

  • Device encryption can prevent attackers from accessing data stored on a device by requiring proper user authentication when the device is powered on.
  • Device encryption is enforced by default on most devices. If it is not, it can be enforced through your MDM solution or implemented manually.

Use public WiFi networks cautiously

  • Unsecured WiFi connections can also be used to distribute malware. Rely on your mobile carrier network or another trusted network for any sensitive web browsing or accessing corporate networks.
  • Free public WiFi networks are convenient when you’re on the go, but they do not require any authentication for a connection to the Internet. If you need to access public WiFi, confirm the connection details and never save them.

Avoid risky or "free" apps

  • Always think carefully before installing apps on any device. Free VPNs such as Hola! have been known to leak user data and potentially use devices as infrastructure for other users of the service. With “free” apps, you are the product.

Use a cyber security solution

  • To protect mobile users on your network, understanding what is normal and what is not is critical to spotting active threats as well as vulnerabilities. Using a cyber security solution such as Covalence, which protects the entire business including endpoints, will strengthen your defence.

Do you have questions about an incident? Reach out to our experienced Field Effect team of analysts today at forensics@fieldeffect.com.