Mobile security: What are the threats targeting business devices?
Discover in this article, what are the threats targeting business devices
What are the different types of threat affecting your mobile fleet? What can you do to protect against them?
Smishing: This form of phishing is carried out via SMS message. An employee receives a fraudulent message from an attacker, who impersonates a trusted third party to encourage the installation of malware on their device, the sharing of sensitive information or making a bank transfer in the attacker’s favour.
Malicious applications: These are mobile applications designed to appear legitimate, but actually perform malicious actions in the background. Once installed, they can be used to steal sensitive data, spy on conversations or track user movements.
Man-in-the-middle attacks: Many mobile users connect to public Wi-Fi hotspots at professional events, cafés, train stations and airports. These unsecured connections can be exploited by cyber criminals to intercept communications of those connected, gaining access to sensitive data.
Exploiting vulnerabilities: Mobile applications and the device's operating system must be updated whenever a new version becomes available. Failure to update can allow attackers to exploit a vulnerability to access data on the device, install malware such as ransomware, or even take control of the device remotely.
Spyware: These are installed on the mobile device via a malicious link, the exploitation of a vulnerability or via an infected file. They are designed to discreetly collect sensitive information, such as messages, calls, browsing history and even user passwords.
AI-based attacks: Cyber criminals use artificial intelligence to recreate the vocal fingerprint of a person close to their target. For example, an employee may receive a call from the attacker and hear the voice of his manager asking for sensitive information or requesting an urgent bank transfer (in favour of the attacker).
SIM swapping: This method involves the attacker taking control of the victim's phone by persuading the mobile operator to transfer the number to a SIM card in the attacker's possession. The attacker then receives calls, text messages, etc. and two-factor authentication codes sent to this number, granting direct access to the user's business applications, bank accounts and data.
Post-quantum threat: Quantum computers can break the encryption methods used by most mobile devices in a fraction of a second. Attackers can then gain access to the device's unencrypted communications, whether for the purposes of espionage or data theft.
Device theft: Business smartphones and tablets containing sensitive data can be lost by employees or stolen by malicious individuals. This can be particularly problematic if the device contains sensitive data.
How to protect against these mobile threats
Several best practices that can implemented to protect your organisation from these threats:
Employee training: It is important to raise employee awareness about the risks of using public Wi-Fi or an application that has not been approved by the company's IT department. Additionally, exercises can be conducted to test user responses, such as fake smishing attempts.
Managing your fleet with an Enterprise Mobility Management (EMM) solution: An EMM solution allows the IT team to remotely manage the entire mobile fleet, update the OS and applications on employee devices, and wipe data from lost or misplaced smartphones.
Protecting your devices with a Mobile Threat Defence (MTD) solution: This security tool actively detects threats targeting mobile devices and thwarts attacks.
Securing browsing and communications: To protect data confidentiality, it is important to encrypt communications and secure employee Internet browsing using a VPN.
With its Cryptosmart Mobile solution, Ercom protects corporate devices on three levels:
- Local protection: Using strong authentication and encrypting data stored on the device.
- Communication protection: End-to-end encryption of voice calls and SMS messages.
- Internet protection: All data passes through the secure Cryptosmart VPN, ensuring the confidentiality of online connections.
Cryptosmart Mobile is approved at the “Restricted Distribution” level by the ANSSI (renewal in progress for version 5.0), ensuring the highest possible level of security. Ercom has recently teamed up with Pradeo and ITS Ibelem, two companies offering Mobile Threat Defence and Enterprise Mobility Management solutions respectively, to create the first complete and sovereign ecosystem dedicated to securing mobile devices. These Pradeo & ITS Ibelem technologies are integrated in the Cryptosmart mobile solution.
With the volume of attacks targeting mobile devices constantly on the rise, it is crucial to adopt appropriate security solutions to protect the confidentiality of your data and avoid exposing your organisation. While the security of mobile devices is important, it is also essential to secure your company's computers: here also, Ercom protects your remote PC connections with Cryptosmart PC.
