Small Business Mobile Security Tips
Kedem offered these mobile device security tips to help you protect your small business from remote access Trojans:
- Educate employees that they should NOT install non-standard mobile applications—especially from sources outside the app stores.
- Teach employees not to make any changes on their mobile phone (change settings, download software) at the request of a "trusted source" that they receive through unsolicited email, texts, or phone calls.
- Instruct your employees to disable the "remember-this-device" feature for applications that hackers might exploit for fraud or data theft. In other words, require employees to authenticate every time they access any company apps or networks.
- Consult with app providers (e.g. banks) regarding their level of mobile device security protection against malware and remote access attacks in particular.
Mobile Security Threats: Credentialed User Mimicking
Stealing data or funds through remotely accessing an authenticated employee's mobile device is not the only way criminals can wreak havoc. They can also mimic your user credentials in such precise detail that you—or your IT department—can't tell that it's not the authorized person accessing information.
It doesn't help that marketers collect and store excessive amounts of personal data on customers and prospects for hackers to retrieve later. You can expect data breaches to continue and for the amount of personal data on your employees and company officers to continue to grow as a result.
Criminals use this information to thwart your efforts at identity and access-management by thoroughly impersonating the user—sometimes right down to their fingerprints.
"Contrary to a popular belief, fingerprints are not unique, and out of 5.6 million fingerprints compromised, there can be quite a few people who have fingerprints similar enough to be accepted by the biometric authentication system," said Igor Baikalov, chief scientist for security-intelligence company Securonix, in the aforementioned InformationWeek article.
That means biometrics may not offer your company much protection if hackers obtain the biometric information through a data breach—either of a company or of a government agency—even though the breaches may be completely unrelated to you and your company.
How do you protect your company against such an attack? For now, multifactor authentication techniques are your best bet.
"The best authentication, as the old adage goes, requires something you are, something you have, and something you know," said Tim Erlin, director of IT security and risk strategy at cyberthreat intelligence vendor Tripwire in the aforementioned InformationWeek article.
Stay diligent about mobile device security; all it takes is one slip to leave you, your employees and your company exposed. If you need more help, explore the cybersecurity options that your cellular phone carrier and your current security product vendors offer, and then compare that to what competitors offer. Odds are you can find products and services that precisely fit your needs and budget.
But, if after doing all that, you're still concerned then you might want to also consider cyber security insurance. You can choose from many different policies to offset both your liabilities and your losses.
Pam Baker has written for numerous leading publications including, Institutional Investor magazine, CIO.com, NetworkWorld, ComputerWorld, IT World, Linux World, Internet News, E-Commerce Times, LinuxInsider, CIO Today Magazine, NPTech News (nonprofits), MedTech Journal, I Six Sigma magazine, Computer Sweden, the NY Times, and Knight-Ridder/McClatchy newspapers.
|Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!|