As businesses in the UK continue to embrace the mobile workforce culture and more and more people use their smartphone or other mobile device for work on a daily basis, the need to extend cyber security measures beyond the in-house IT infrastructure is obvious. However, just as we pointed out the myths surrounding cyber security in a recent blog, there are also a few misconceptions regarding smartphone security. Below, we take a look at some of these myths and reveal the truth behind them.
1 - Smartphones are less secure than computers
It is true that smaller devices such as smartphones are much more easily misplaced or stolen than laptops and the traditional workstation computer. Because they offer team members the ability to access an organisation’s systems from anywhere with WiFi, they are more likely to be left behind or used on an unprotected connection. It is also true that the majority of team members will use their device for both professional and personal reasons, meaning they do not always follow the strict best practice guidelines for secure usage. That is why a solid mobile security policy needs to be put in place. However, smartphones are not nearly as vulnerable as you might think.
In fact, the majority of data breaches and cyber security incidents faced by organisations originate on desktops and laptops, not smartphones, because malware or ransomware is usually designed to spread through networks to infect as many business-critical computers as possible. Though smartphones are becoming ever-more advanced and capable of holding increasing volumes of data, they are still nowhere near the levels of data storage seen in laptops or desktop computers, and hackers tend to aim for unauthorised access to as much data as possible.
Smartphones are also better equipped to handle the threats caused by loss or theft, simply because the threat itself is larger for mobile devices. Most smartphones capable of professional use come with remote tracking and wiping capabilities, so if they are lost or stolen, data can be erased easily. Laptops and desktops, on the other hand, don’t usually come equipped with this sort of capability, and require the installation of these extra security measures.
2 – iPhones are safe from software security threats
On the flip side, while smartphones are no less secure than computers, it would be wrong to assume that iPhones are impervious to attack from software-based security threats. Apple runs tight controls over the apps you can use on their iOS devices, and does not allow any devices from other manufacturers to be used with their own, so theoretically the threat of viruses should be at a minimum.
However, the threats are still out there, and even as Apple works tirelessly to keep its users secure, malware is also evolving and becoming more and more advanced, which is why Apple still has to release patches every now and then to handle emerging threats. All it takes is for one new virus to hit your smartphone before Apple catches it, but the good news is that most of these potential threats will require the user to do something foolish such as open a link – something all mobile device users should be educated about.
3 - Android smartphones are vulnerable to malware
As many believe iPhones to be impervious to malware, it follows that the myth pervades that its rival, Android, is more prone to attack. There do seem to be a lot more scary stories reporting vulnerabilities and attacks on Android than iPhone devices, with RedDrop a recent example, but as this article points out, the dangers are usually greatly exaggerated and their successful intrusion into your device would require the user to take a series of unwise actions.
The truth is that Android’s inbuilt security systems will more than likely handle any threats, so unless you are hell-bent on looking for suspicious apps, and first disable your in-built safety measures, your device will probably be secure.
The bottom line is that when it comes to choosing iPhones or Android devices as part of a CYOD policy, there is no real difference when it comes to security capabilities. However, it is advisable to choose one as the standard device for all users, as this will make machine management, integration and the implementation of security measures a lot easier.
4 - Hacking and malware are the biggest threats to your mobile device security
The truth is that, as with your organisation’s entire IT infrastructure, the biggest threat does not come from outside, it comes from within. Though your staff should be the first line of defence when it comes to cyber security, they are also the weakest link. Browser-based attacks and social engineering are fast becoming the biggest threats to the security of companies, suggesting that attacks are targeting users, rather than technology.
Opening suspicious emails, browsing unsafe sites, or simply being careless with password management, can open the door to hackers and malware, so it is vital that your entire organisation understand their responsibilities when it comes to protecting company data and the IT infrastructure.
That is why it is important to not only foster a cyber security culture that encompasses all users and all devices, but also implement effective cyber security measures and IT support for all mobile devices to continually monitor usage, detect threats, and act on them accordingly.
Your IT Support Solution in London
However, while mobile device use can increase efficiency for your UK business, its growth means that mobile device management and security is becoming an increasingly large task for your IT team. This is why it is advisable to hire an outsourced IT support team in London who specialise in both IT as a service and cyber security. They can advise on and implement a robust cyber security policy for all devices, including smartphones, capable of accessing your organisation’s systems and data, with straightforward steps that can include:
- Deployment on a secure platform
- Encryption of all data and all devices as standard
- Password management and auto-lock capabilities
- Whitelisting acceptable apps and blocking others
- Standardising devices
- Using a Virtual Private Network
- Creating a cyber security incident response plan
Find out how we can help you by booking an IT audit with us, and download our Cyber Security Checklist to get you started: