Three security traps that users should be aware of when working on the move
Smartphones and tablets are popular work devices in the home office and on the road - practical for employees and tempting for cybercriminals. Hackers often use mobile devices for their attacks. Communications provider Materna Virtual Solution shows what security risks lurk in decentralized work.
Answering e-mails, editing documents, taking photos: For many users, mobile devices are also in constant use at work. It is not uncommon for companies to allow their employees to use their private smartphones for business purposes (Bring Your Own Device - BYOD) or to use company-owned cell phones for private purposes (Corporate Owned, Personally Enabled - COPE). But whether BYOD or COPE, both models are vulnerable to hacker attacks. To ensure the security of mobile devices and the integrity of data transfer when working from the home office and on the road, companies must be aware of the impending risks and protect themselves against them in a targeted manner.
Insecure and unauthorized apps
Many cybercriminals are on the popular app stores, circulating applications that look confusingly similar to the original, but actually contain malware. When the apps are downloaded, malware infiltrates the devices and can collect personal and professional information for hackers, lock the phone and cause further damage. Furthermore, employees should make sure that privately used messengers such as WhatsApp are not used as business messengers. WhatsApp offers end-to-end encryption of data in transit, but does not encrypt it on the device itself (data at rest). It is also possible for the messenger provider to read the users' meta data.
Mixed use without security
If private and business data are mixed on a cell phone, this fact alone is a violation of the GDPR, which provides for the integrity and confidentiality of data. Either companies consistently decide to use business phones with an exclusively business use or they equip the BYOD and COPE devices with a container technology. This guarantees that private and business data are strictly separated from each other and that all essential office functions such as mail, calendar, contacts or documents run within a protected area. Communication between mobile devices and corporate IT is also seamlessly encrypted end-to-end in a container environment. Hackers who gain access to the device have no chance of penetrating the container and tapping data.
Lack of awareness among employees
Despite all the technological precautions, employees must also be sensitized as an important link in the safety chain. They are often not aware of the risks they are exposed to when working on the move. In addition, cybercriminals are becoming more and more adept, so attacks are usually not recognizable at first glance. For phishing attacks, for example, fraudsters send serious-looking e-mails or short messages that are intended to trick users into disclosing personal data or opening contaminated e-mail attachments. Companies should therefore hold regular IT security training sessions and sensitize their employees to the issue.
"Cyber attacks and the associated data loss are a constantly lurking danger that does not stop at mobile devices," explains Christian Pohlenz, security expert at Materna Virtual Solution. "The task for companies is to do everything they can technologically to make mobile communication secure, for example with a container solution. But employees as a gateway for cyberattacks should also be constantly sensitized."
Source and more information under www.materna-virtual-solution.com
