Small business cybersecurity: how to improve mobile security
There's an inherent risk of cyberattack anytime a smartphone or tablet connects to the open internet. Internal resources can be accessed if a device is hijacked or infiltrated. Small businesses beware! These are the biggest cybersecurity risks, and mobile security essentials, your small business must be aware of.
Common small business mobile security threats
When it comes to the obvious portability of smartphones and tablets, the greatest threat is that the device could be lost or stolen. In addition to the cost of replacing the device, there should be concern about the data on the stolen item and the access it contains to corporate systems.
When you think of computer viruses, you normally expect PCs running Windows to be the most vulnerable. However, hackers have branched out into new areas and are now looking to target mobile devices with specialised malware. An infected smartphone or tablet on your small business's network can lead to serious damage.
Viruses normally reach mobile devices through one of two mechanisms: rogue web pages or malicious native applications. Like on a desktop computer, if you open a suspicious email and click on a link from a smartphone or tablet, it may try to run a background operation and infect your system.
Native app viruses are even more dangerous because they have access to more of the device's internal processes, including memory and data storage. In a worst-case scenario, a nefarious application will be installed on your phone or tablet, able to retrieve private data or spy on your activity.
Responsive malware differs from mobile malware (which infects the mobile device itself): it makes its way into your website via traditional means like SQL injection or cross-site scripting, compromising the site's server and files.
Your website visitors on a desktop won't see it, but mobile-device users will, since they will be viewing a responsive layout version of your site (i.e. the website display will be adapted to the phone or tablet screen size). Mobile users will likely be redirected to a porn, gambling, or pharmaceutical site.
Anyone looking to create a website - web developers, bloggers, small businesses - with a content management system (CMS) like WordPress or Joomla should be aware that these platforms are susceptible to infection from responsive malware. The best defence is to stay on top of standard security recommendations like keeping plugins, themes, and core code updated, using credible anti-virus and anti-malware protection, and tightening up your login with strategies like Two-Factor Authentication and restricted login attempts.
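Because the redirect only fires for mobile visitors, a site owner checking from a desktop browser will not notice it. The following added example (not part of the original article) scans an Apache `.htaccess` file for rewrite rules that send mobile User-Agents to a host you do not own. It assumes the redirect was planted in `.htaccess`, which is only one possible location; the function name, sample file and host names are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# User-Agent fragments that typically appear in mobile-only rewrite conditions.
MOBILE_HINT = re.compile(r"android|iphone|ipad|ipod|mobile|blackberry", re.I)

def find_mobile_redirects(htaccess_text, own_hosts):
    """Return (line_no, target) for each RewriteRule that sends requests
    matching a mobile User-Agent condition to a host not in own_hosts."""
    findings = []
    mobile_cond = False  # True while a mobile User-Agent RewriteCond is pending
    for line_no, raw in enumerate(htaccess_text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()
        if directive == "rewritecond" and len(parts) >= 3:
            variable, pattern = parts[1].lower(), parts[2]
            # A negated pattern (!...) excludes mobile clients, so skip it.
            if ("http_user_agent" in variable and not pattern.startswith("!")
                    and MOBILE_HINT.search(pattern)):
                mobile_cond = True
        elif directive == "rewriterule":
            if mobile_cond and len(parts) >= 3:
                host = urlparse(parts[2]).hostname
                if host and host.lower() not in own_hosts:
                    findings.append((line_no, parts[2]))
            mobile_cond = False  # conditions only apply to the next RewriteRule
    return findings

# Constructed sample: a WordPress .htaccess with an injected mobile-only redirect.
SAMPLE_HTACCESS = """\
# BEGIN WordPress
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} (android|iphone|ipad|blackberry) [NC]
RewriteRule ^(.*)$ http://redirect.example.net/in.php?s=$1 [R=302,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
# END WordPress
"""

if __name__ == "__main__":
    for line_no, target in find_mobile_redirects(SAMPLE_HTACCESS, {"www.example.com"}):
        print(f"line {line_no}: mobile visitors redirected to {target}")
```

Pass your own domains (including any legitimate mobile subdomain) in `own_hosts` so that intentional redirects are not reported.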
It's important to keep in mind that hackers can do serious damage even if they don't have direct access to your mobile device. In particular, public wi-fi networks are a common target for attack because people tend to be unaware of the potential risks to data that public networks pose.
When we think of mobile devices, usually we still only consider smartphones and tablets, the ones that have been around the longest. However, mobile devices have become increasingly diverse, thanks to the Internet of Things (IoT).
IoT devices include everything from washing machines to coffee makers, which are now built with wi-fi technology, making them smarter and connected. But if you have these types of devices installed at your place of business, be aware that they are just as vulnerable to attack as smartphones and tablets.
Mobile security solutions for your small business
Before distributing a mobile device to any employee, preventative steps need to be taken in case it falls into the wrong hands. The easiest protection to add is a complex security code for unlocking the mobile device. Even better is to enable fingerprint or facial recognition. Even if a criminal manages to obtain the phone or tablet, they will not be able to access the content inside it.
Instead of purchasing a device for every employee, many small businesses opt for a system known as bring your own device (BYOD). This reduces the financial impact of supporting mobile platforms and allows employees to manage a single set of devices for home and work.
However, if individuals will be using their private devices to access corporate email, chat, and file systems, then precautions need to be put into place. There are remote access management tools available for both the iOS and Android operating systems, which will let IT administrators interact with the devices on their network.
The downside of a BYOD policy is that employees give up some privacy for the sake of the company's security. But mobile device management tools are not designed to spy on individual people. Rather, they provide a mechanism for administrators to enable or disable access to internal resources. If a device is lost or stolen, administrators can remotely wipe all of its content to protect confidential information.
An increasing number of small businesses are choosing to enforce a strict VPN policy for employees who work remotely or use a mobile device to access corporate resources such as email. A VPN encrypts an online session between a device and the open internet.
Once you activate a VPN connection on your smartphone or tablet, the device will be assigned a new IP address and all outgoing traffic will be routed through the VPN service. Even if a hacker intercepts your web traffic, he or she won’t be able to decode it or steal data.
In addition to the above, as a domain name owner you should also use:
- DNSSEC-validating DNS services: checks that connections are being made with genuine servers, eliminating hack attacks and redirection to spurious sites.
- Domain privacy: hides your WHOIS domain contact information from identity thieves and other cybercriminals.
- SSL certificate: encrypts all of your connections with HTTPS.
- HSTS Preload: adding your HTTPS-encrypted domain name to the HSTS Preload List ensures browsers automatically enforce HTTPS-secured connections
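Before submitting a domain to the HSTS Preload List, it is worth confirming that the site's `Strict-Transport-Security` response header meets the list's header requirements: a `max-age` of at least one year (31536000 seconds), plus the `includeSubDomains` and `preload` directives. This added example (not from the original article) parses a header value and reports what is missing; the function names and sample header values are constructed for illustration.

```python
ONE_YEAR = 31536000  # minimum max-age, in seconds, for preload eligibility

def parse_hsts(header_value):
    """Split a Strict-Transport-Security value into {directive: value}.
    Directive names are case-insensitive; valueless directives map to ''."""
    directives = {}
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        directives[name.strip().lower()] = value.strip().strip('"')
    return directives

def preload_problems(header_value):
    """Return a list of reasons the header does not qualify for preloading.
    An empty list means the header itself meets the requirements."""
    directives = parse_hsts(header_value)
    problems = []
    max_age = directives.get("max-age", "")
    if not max_age.isdigit():
        problems.append("max-age is missing or not a number")
    elif int(max_age) < ONE_YEAR:
        problems.append(f"max-age {max_age} is below {ONE_YEAR}")
    if "includesubdomains" not in directives:
        problems.append("includeSubDomains directive is missing")
    if "preload" not in directives:
        problems.append("preload directive is missing")
    return problems

if __name__ == "__main__":
    # Constructed sample header values, as a server might send them.
    for sample in ("max-age=63072000; includeSubDomains; preload",
                   "max-age=300; includeSubDomains"):
        print(sample, "->", preload_problems(sample) or "OK")
```

The header is only part of eligibility: the site must also serve a valid certificate and redirect HTTP to HTTPS, which this check does not cover.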
Prioritise your small business's cybersecurity!
Mobile security is a major challenge for small business owners who may not have the resources or budget to make a significant investment in cybersecurity. But none of the above options will break the bank. And the small financial investment you make will surely be a lot less than what you could end up paying should a hacker find a way to access your business's information. Ignore mobile security and you could pay a much steeper price in profits and reputation.
Sam Bocetta is a freelance journalist specialising in U.S. diplomacy and national security, with emphasis on technology trends in cyber warfare, cyber defence, and cryptography.