
Cyber – The risks of corporate mobile schemes

At a glance

  • Cyber threats don’t stop at computers and businesses may not know the risks that come with employees having mobile phones.
  • Prevention is always better than having to deal with the fallout of a cyber-attack and having to make a claim against your insurance policy.
  • The risks of having an insecure corporate mobile scheme will vary for every organisation. However, there are always actions that can be taken to help reduce the risks.

This article counts towards accumulating your annual CII CPD structured learning hours for Cyber and Data Security.

By reading this article, and correctly answering the three questions underneath, you will have achieved the following learning outcome: Identify strategies for categorising and safeguarding personal or sensitive data.

Visit the CPD Hub to log in and begin accumulating CPD hours.

It seems impossible to think that smartphones have only been a part of our lives for just over a decade. In 2008 only 17% of people owned a smartphone, a figure that 10 years later had grown to 78%. This technical transformation of society means people are more connected than ever and rarely switch off. In fact, in 2018 people in the UK checked their phones on average every 12 minutes during their waking day.

It’s no surprise, therefore, that companies are more commonly investing in mobile phones for their employees. Whilst this gives employees the ability to work on the go, it also presents a more pressing problem. Andrew Kelly, Principal Consultant in Cyber Security, QinetiQ, explains: “we carry the devices with us everywhere and they are switched on 24/7. Most people keep their mobile with them at all times, so they have access to much more personal data than a desktop computer or even a laptop which are much less portable.”

Cyber threats don’t stop at computers and businesses may not know the risks that come with employees having mobile phones. These are just some examples.

Phishing attacks

Some research suggests that users on mobile devices are 18 times more likely to be exposed to phishing than to more traditional malware attacks. This is because phishing emails are often much harder to spot on mobiles, which means that even the most vigilant of employees could be tricked into clicking on dangerous links that could compromise a company’s security.

Data loss

Data could be leaked from corporate mobile devices through malicious cyber-attacks but also through the risks of downloading apps. Apps often request permissions that aren’t entirely understood and could in fact put company information at risk. Andrew explains: “mobile apps can be updated extremely frequently, usually much more frequently than desktop/laptop applications. Some apps are updated daily. This means that an app that seems innocuous one week could cause concern the following week.” The risks of these apps can go as far as accessing information you wouldn’t want them to, sharing data with unknown partners and even physically draining batteries.

Unsecure WiFi networks

Working remotely means that employees often have to rely on public WiFi to stay connected. These connections can be risky: they are quite often unsecure and pose threats. People could use the WiFi connections to install malicious software or to intercept company data.

Physical vulnerabilities

Corporate mobiles provide great benefits to businesses in allowing employees to be more readily available and work on the go. However, they also act as a potential window into the company their owners work for, and one that could easily be lost or stolen. As well as cyber risks, sensitive or personal information could be seen by prying eyes in public places and on public transport.

 

Reducing the risks

The risks of having an insecure corporate mobile scheme will vary for every organisation. Andrew describes example risks including sensitive intellectual property being lost to competitors, fraudulent billing, or intruders being able to access sites more easily. Furthermore, Andrew explains: “the way that adversaries such as hackers can exploit insecure mobile apps and devices is constantly evolving and increasingly creative. The current situation makes this even more of a challenge because people are more reliant on mobile contact than ever and new apps are becoming popular.” However, there are always actions that can be taken to help reduce the risks.

Individuals can take easy measures to reduce the risks themselves. These include:

  • Not using corporate mobiles more than necessary for personal matters
  • Having a secure and unique password
  • Avoiding installing or clicking on anything that is not from a known and trusted source.

It’s also an important piece of security maintenance to keep up to date with all software and app updates. Andrew tells us that updates act a bit like a vaccination and stop attackers exploiting system weaknesses.

Organisations can also take actions to protect themselves. Firstly, they should stay informed on and research cyber threats. Andrew’s team tests the security of mobile apps, and he explains that when armed with this knowledge companies are able to adapt their approach to certain apps to improve security. This could range from encouraging and working with the developers to make adaptions, to tracking app use or even removing the apps. Secondly, it’s important for employees using the phones to be educated in cyber security. By making sure that the organisation has a clear company policy on corporate mobile use that everyone is aware of, you will reduce the chances of a cyber-breach. This can be helped by training employees and ensuring they understand best practice and cyber risks.

Prevention is always better than having to deal with the fallout of a cyber-attack and having to make a claim against your insurance policy. Rigid cyber security plans are essential. Here at Zurich we are keen to support you in mitigating the risks of cyber breaches wherever possible, and we have our own experts in house to do so.

If you want any support on this please do speak to your usual Zurich contact.
