Even before the COVID era and remote working becoming so prevalent, many employees were using their mobile phones to access company email, networks or data. This “bring your own device” work culture is definitely a security risk to not only your employees, but to your company as well.
Smartphone security has not kept up with traditional computer security, and your employees may be vigilant when it comes to security breaches on their desktop or laptop, but we are all more distracted when it comes to our mobile devices as we quickly scan through emails, text multiple people and scroll through different social media, usually all at the same time. This makes our phones very attractive targets for scammers – tricking us into joining rogue Wi-Fi networks or tapping fake emails without even thinking.
A 2019 study on the mobile threat found that 57% of companies have experienced a mobile phishing incident. Phishing is the most common cyber threat, especially for companies. It is estimated that 9 out of 10 data breaches start with a phishing attack, and when we are on our smartphones, we tend to not pay as much attention to what we are clicking – plus the smaller screens make red flag less noticeable.
Making sure your company has a strong cyber security system and communicating the importance to your employees is a must nowadays. Here are a few strategies that everyone can incorporate today that can help keep your employees and your data safe, but even these are not 100% guaranteed:
• Use secure access points, such as virtual private networks (VPNs). These allow you to extend your private network across public Wi-Fi using encrypted virtual point-to-point connection, enabling and maintaining secure access to your company’s resources.
• Have your employees create a secure network for business transactions in their home offices. Most home routers allow for the creation of multiple networks, such as a home and guest connection. Adding a password protected network for work connections means your employees can keep their families’ personal devices separate from work devices.
• Make sure your company is installing updates across all devices and systems on a regular basis. Regular updates and patches ensure your systems are protected against known vulnerabilities.
• Always make sure your employees are using strong passwords and two-factor authentication across all devices and accounts. It cannot be stressed enough that passwords should be complex, meaning they should incorporate numbers and special characters and should not be the same ones used across multiple accounts. As a business, you may want to look into a password management software to help your team keep track of their passwords.
• Be vigilant when responding to emails, especially those with links and attachments. Remind your employees to never click on those links or attachments from an unknown sender – and even if the email seems to come from a trusted source, be sure they are looking closely at the email address or website URL. Inform your employees to make sure they let your IT department or contact know of any suspicious emails right away, as well as letting them know if there is a possibility of a breach.
• Install anti-malware and anti-virus software across all devices and networks, which will stop the majority of attacks.
• Make sure your company has a Cyber Response Plan in place and that all your employees are aware of this plan – and that everyone knows who to contact if they suspect a breach, both during work hours and after-hours.
Nowadays, cybersecurity is the responsibility of all your employees, but taking these steps to protect your business can alleviate many of the breaches from ever happening. In our next blog, we will discuss more specifically on what your employees can do to make sure their mobile devices are more secure, as well as what to do if their devices are stolen.