Emmanuel Marshall 28 May 2018 13:15:31 AEST 6 MIN READ

Criminals targeting mobiles to hack into business data

Bring Your Own Device - is standard practice now in most industries. Every person working in an office has a web-enabled phone in their pocket that can receive email and that’s increasingly the in-point for phishing scams. 

The convenience and efficiency of being able to log in and work whenever and wherever we need to is a big plus, but the BYOD work culture creates a host of cybersecurity challenges.


Mobile devices vulnerable 

According to recent research into BEC (business email compromise) crime, users of mobile devices are relatively safe from malware attacks, but up to 18 times more likely to be exposed to phishing attempts.
Criminals are leveraging phones as a way to access corporate data because it’s relatively hard for companies to manage them. It’s difficult enough for a business to ensure the security of their on-site computer network, but when you add personal mobile devices into the mix, things get even more complicated.

When cybercriminals attack companies, a lot of the time what they’re after is the login credentials of staff members. A cleverly designed phishing email is all it takes to steal usernames and passwords. A staff member will receive an apparently innocent message asking them to log into their work email inbox, but the link will actually point to a phishing site that will harvest their username and password and allow cybercriminals to gain access to their account.

Take a look at some examples of email phishing scams intercepted by MailGuard, here.

Studies show that there are inherent vulnerabilities in mobile web browsers and that the behaviour of people using mobile devices can facilitate phishing scams. Because they may be less likely to scrutinise the sources of messages they receive and more inclined to click on unfamiliar pages because they are seeing them on a mobile browser, mobile device users can be easier targets for deceptive email attacks. In addition, mobile devices are typically manipulated with a touch interface making it less intuitive for a user to hover over a suspect link like they might on a PC or laptop.


How to prevent mobile phishing?

Because it’s relatively easy for criminals to use phishing to steal passwords, it’s a good idea to have additional security measures in place as well.

Biometric security like fingerprint or retina scanning can help to make corporate identity theft harder.

Multi-factor authentication can make it harder for phishing scammers to hack into systems. When a user wants to login to their account they have to pass a second stage of authentication which commonly involves an SMS message sent to their phone.

A layered approach to cybersecurity is essential for all enterprises. Endpoint virus scanning is not comprehensive protection, so cloud-based email filtering is also essential.

Team members like to have the mobility and convenience that BYOD offers but clearly there are serious issues with having a lot of uncontrolled devices roaming around, connected to a company’s networks. A lot of businesses are now opting for CYOD - Choose Your Own Device - a middle-road that allows them greater control of the devices used in the workplace, but still gives their staff mobility and flexibility.

With CYOD, the company provides secured devices to their team but gives them a degree of freedom to select hardware that suits their prior experience and workflow.

Whether an employee prefers to use an iPhone or Android, Mac or PC the company will give them a device they are comfortable with using and pre-install security software on the machine to help protect it from attack.


Cybersecurity is a Good Investment

The vulnerability of portable devices is only part of the bigger cybersecurity challenge. Security management tools like multi-factor authentication, cloub-based email filtering and CYOD policies can make a crucial difference in combating cybercrime; the more layers of protection that can be applied, the better.

According to recent statistics released by the Australian Government, 60% of companies that are victims of a serious data breach are out of business within 6 months. Despite this serious threat, 33% of smaller enterprises are still not taking pro-active measures to protect themselves from cybercrime.


People are the missing link in security

In this online era, almost everything people do at work connects them to the web and therefore makes them vulnerable to cyber-attacks.

One aspect of cybersecurity policy that companies often neglect is education and that’s a critical flaw because unless team members understand how cybersecurity works, they will unwittingly create vulnerabilities in the system.

Cybercrime attacks like phishing rely on deception to be effective. A well informed and cyber-savvy workforce can help to close the gaps in a companies defences.

surviving-t-r-cybercrimeIf you would like to get more information about cybersecurity and risk management, please download the e-book Surviving the Rise of Cybercrime (a Non-Technical Executive Guide) by MailGuard CEO Craig McDonald.
This plain English guide explains the most common threats and provides essential guidance on managing risk.

“Cybercrime is a serious and growing business risk. Building an effective cybersecurity culture within an organisation requires directors and executives to lead by example. Surviving the Rise of Cybercrime is a must-read for directors and executives across business and in government and provides strong foundations for leaders determined to address cyber risk.” - Rob Sloan, Cybersecurity Research Director, Wall Street Journal

Download your copy of Surviving the Rise of Cybercrime for free, here.