7 mobile security threats you should take seriously in 2019

Mobile malware? Some mobile security threats are more pressing. Every enterprise should have its eye on these seven issues this year.

1 2 Page 2
Page 2 of 2

For now, there's no great answer — aside from selecting devices carefully and sticking with a policy that requires users to download apps only from a platform's official storefront, where the potential for cryptojacking code is markedly reduced — and realistically, there's no indication that most companies are under any significant or immediate threat, particularly given the preventative measures being taken across the industry. Still, given the fluctuating activity and rising interest in this area over the past months, it's something well worth being aware of and keeping an eye on as 2019 progresses.

6. Poor password hygiene

You'd think we'd be past this point by now, but somehow, users still aren't securing their accounts properly — and when they're carrying phones that contain both company accounts and personal sign-ins, that can be particularly problematic.

A recent survey by Google and Harris Poll found just over half of Americans, based on the survey's sample, reuse passwords across multiple accounts. Equally concerning, nearly a third aren't using 2FA (or don't know if they're using it — which might be a little worse). Only a quarter of people are actively using a password manager, which suggests the vast majority of folks probably don't have particularly strong passwords in most places, since they're presumably generating and remembering them on their own.

Things only get worse from there: According to a 2018 LastPass analysis, a full half of professionals use the same passwords for both work and personal accounts. And if that isn't enough, an average employee shares about six passwords with a co-worker over the course of his or her employment, the analysis found.

Lest you think this is all much ado about nothing, in 2017, Verizon found that weak or stolen passwords were to blame for more than 80 percent of hacking-related breaches in businesses. From a mobile device in particular — where workers want to sign in quickly to various apps, sites, and services — think about the risk to your organization's data if even just one person is sloppily typing in the same password they use for a company account into a prompt on a random retail site, chat app, or message forum. Now combine that risk with the aforementioned risk of Wi-Fi interference, multiple it by the total number of employees in your workplace, and think about the layers of likely exposure points that are rapidly adding up.

Perhaps most vexing of all, most people seem completely oblivious to their oversights in this area. In the Google and Harris Poll survey, 69 percent of respondents gave themselves an "A" or "B" at effectively protecting their online accounts, despite subsequent answers that indicated otherwise. Clearly, you can't trust a user's own assessment of the matter.

7. Physical device breaches

Last but not least is something that seems especially silly but remains a disturbingly realistic threat: A lost or unattended device can be a major security risk, especially if it doesn't have a strong PIN or password and full data encryption.

Consider the following: In a 2016 Ponemon study, 35% of professionals indicated their work devices had no mandated measures in place to secure accessible corporate data. Worse yet, nearly half of those surveyed said they had no password, PIN, or biometric security guarding their devices — and about two-thirds said they didn't use encryption. Sixty-eight percent of respondents indicated they sometimes shared passwords across personal and work accounts accessed via their mobile devices.

Things don't seem to be getting any better. In its 2019 mobile threat landscape analysis, Wandera found that 43% of companies had at least one smartphone in their roster without any lock screen security. And among users who did set up passwords or PINs on their devices, the firm reports, many opted to use the bare-minimum four-character code when given the opportunity.

The take-home message is simple: Leaving the responsibility in users' hands isn't enough. Don't make assumptions; make policies. You'll thank yourself later.

This story, "7 mobile security threats you should take seriously in 2019" was originally published by CSO.

1 2 Page 2
Page 2 of 2
ITWorld DealPost: The best in tech deals and discounts.
  
Shop Tech Products at Amazon