Small Business Mobile Security Threats and Fixes - Page 2

By Pam Baker
  • Print Article
  • Email Article

Small Business Mobile Security Tips

Kedem offered these mobile device security tips to help you protect your small business from remote access Trojans:

  • Educate employees that they should NOT install non-standard mobile applications—especially from sources outside the app stores.
  • Teach employees not to make any changes on their mobile phone (change settings, download software) at the request of a "trusted source" that they receive through unsolicited email, texts, or phone calls.
  • Instruct your employees to disable the "remember-this-device" feature for applications that hackers might exploit for fraud or data theft. In other words, require employees to authenticate every time they access any company apps or networks.
  • Consult with app providers (e.g. banks) regarding their level of mobile device security protection against malware and remote access attacks in particular.

Outsourcing small business security

Mobile Security Threats: Credentialed User Mimicking

Stealing data or funds through remotely accessing an authenticated employee's mobile device is not the only way criminals can wreak havoc. They can also mimic your user credentials in such precise detail that you—or your IT department—can't tell that it's not the authorized person accessing information.

Cybercriminals build databases on thousands upon thousands of people in such minute detail that they can mimic almost anyone. Where do they get the information on your employees? According to an article in InformationWeek, they buy some of it from legitimate data brokers, but they reap a lot of it from other data breaches or buy it from the breachers.

It doesn't help that marketers collect and store excessive amounts of personal data on customers and prospects for hackers to retrieve later. You can expect data breaches to continue and for the amount of personal data on your employees and company officers to continue to grow as a result.

Criminals use this information to thwart your efforts at identity and access-management by thoroughly impersonating the user—sometimes right down to their fingerprints.

"Contrary to a popular belief, fingerprints are not unique, and out of 5.6 million fingerprints compromised, there can be quite a few people who have fingerprints similar enough to be accepted by the biometric authentication system," said Igor Baikalov, chief scientist for security-intelligence company Securonix, in the aforementioned InformationWeek article.

That means biometrics may not offer your company much protection if hackers obtain the biometric information through a data breach—either of a company or of a government agency—even though the breaches may be completely unrelated to you and your company.

How do you protect your company against such an attack? For now, multifactor authentication techniques are your best bet.

"The best authentication, as the old adage goes, requires something you are, something you have, and something you know," said Tim Erlin, director of IT security and risk strategy at cyberthreat intelligence vendor Tripwire in the aforementioned InformationWeek article.

Stay diligent about mobile device security; all it takes is one slip to leave you, your employees and your company exposed. If you need more help, explore the cybersecurity options that your cellular phone carrier and your current security product vendors offer, and then compare that to what competitors offer. Odds are you can find products and services that precisely fit your needs and budget.

But, if after doing all that, you're still concerned then you might want to also consider cyber security insurance. You can choose from many different policies to offset both your liabilities and your losses.

Pam Baker has written for numerous leading publications including, Institutional Investor magazine, CIO.com, NetworkWorld, ComputerWorld, IT World, Linux World, Internet News, E-Commerce Times, LinuxInsider, CIO Today Magazine, NPTech News (nonprofits), MedTech Journal, I Six Sigma magazine, Computer Sweden, the NY Times, and Knight-Ridder/McClatchy newspapers.

Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!

Page 2 of 2

Previous Page
1 2
This article was originally published on February 08, 2016
Thanks for your registration