Advertisment

10 Data Security Threats From Mobile Devices

author-image
PCQ Bureau
New Update


Advertisment

In the last few years, acceptance of mobile devices like smartphones and tablets has increased in most organizations. Needless to say, but the onslaught of these devices is creating information security nightmares for the IT department. It just opens up a pandora's box of ways by which critical company information can fall in the wrong hands. While we don't have any live incidents to share about such security incidents, here are some probable ways in which information can easily be stolen from mobile devices. The numbering has been put just for convenience, and not for ranking the seriousness of threat.



Threat #1: Users save business critical data on mobile devices and unsafe clouds

Advertisment



Since your company's employees would be using their personal devices for storing both personal and professional data, it becomes a major security risk. Moreover, these employees would also want to be able to access this data from anywhere and from their other devices as well. As a result, they would try and use cloud based storage services to store the data, or they might simply use some other cloud based apps from their mobile devices. In both cases, data moves out of the mobile devices and into the cloud based on personal preferences. There's no guarantee about the safety and security of those sites.

Threat #2: Data loss caused by gadget theft



This one needs no introduction. Gadget thefts have become pretty common place, and more important than the gadget is the data stored on it. So if your employees use personal gadgets to store professional data, then you can imagine the consequences of their gadgets getting lost or stolen. Important customer information, key accounts, and much more becomes at stake due to this. What's needed therefore are encryption tools and software loaded on those mobile devices that can remotely delete business critical data.

Advertisment

Threat #3: Email attachments that wipe out data or pass on data in wrong hands



Imagine, one day a person approaches you and claims to know your name and the company you are working in. Next day he sends you an email with an attachment. You open that attachment on your handheld device and guess what? Your security is compromised and the worst part is that you aren't even aware of it. This also emphasizes that stalking is easier now. This has actually happened to someone we know. So the lesson is to be careful while opening email attachments on mobile devices. They could have malware that can compromise your mobile device.

Advertisment

Threat #4: Infected websites pass on malware to mobile devices



A lot of people these days access the Internet from their mobile devices. As a result, the focus of spreading malware has also shifted to these devices. The trouble here is that while most people tend to load anti-virus and anti-malware programs on their desktops and laptops, they tend to ignore their mobile devices. So if your employees end up bringing infected mobile devices in office, it can cause havoc.



Threat #5: Fake banking applications and Trojans are also there, so watch out!

Advertisment



Remember email based phishing attacks that would lead you to a fake banking website? Well, the same thing seems to be spreading in the mobile world now, and it's more dangerous. Instead of getting phishing emails, the user downloads banking apps that look genuine, or some other app that loads a Trojan. The purpose of both is to pass on the user's banking credentials to criminals. McAfee apparently, recently reported a Trojan that mimics the sign-on process for banking apps. It's called the FakeTrojan.A, which uses a man in the middle attack to grab user's banking credentials. It is therefore advisable that you check with your bank about the publisher and authenticity of the application. It can save you a lot of trouble.

Advertisment

Threat #6: Fake mobile apps that automatically buy paid apps from the store



Downloading new and funny applications from app stores is always fun. But have you ever thought of the malware embedded in these applications? The ANDROIDOS_SMSBOXER.AB mobile malware for instance, automatically subscribes the affected device to premium services without taking the user's permission. The rest as they say is history! You get charged for services you haven't even availed! So before you download any application from the Android market or Apple store check the publisher of the application. It helps to put in a little effort to know more about the publisher.

Threat #7: Apps that ask for undue permissions to do unwarranted operations on your mobile device

Advertisment



Another thing that most of us tend to ignore are the permissions that an application needs. A simple application like a game should not need the permission to check your account. It should only ask for what it needs to do.



Threat #8: Fake websites that load rogue apps to your mobile device



As if fake applications weren't enough, now you also have fake websites. Recently, Trend Micro reported many fake domains being setup that imitate Google Play, which is the new name given by Google to the Android market place. The fake Google Play sites conceal rogue Android apps.

Threat #9: Critical information is stored unencrypted on mobile devices



The security world has been harping about keeping critical data on desktops and laptops in encrypted form. Yet, there are lots of companies who don't do it. Considering that the desktops are safe within the four walls of the office, and laptops are also typically opened by employees when they want to get into serious office work, non-encryption of data can still be managed. But mobile devices are used far more frequently by employees and are carried by them everywhere. Moreover, they're also connected to the Internet more frequently. So the chances of data leakage on mobile devices like smartphones and tablets are much higher.

Threat #10: Data theft caused by simple or no password protection on mobile devices.



A lot of people don't tend to password protect their smartphones and tablets, because it becomes a little cumbersome to enter the password everytime they need to access it. But due to that, they're sacrificing security for convenience, which can be dangerous if they're using their mobile devices for accessing official data.



In Conclusion



As you can imagine, mobile security threats are becoming increasingly more dangerous, so if you're allowing your employees to freely use their personal devices in office, you have to be careful about giving them access to your office network.

Advertisment