Archived Insight | October 4, 2020

Mobile Cybersecurity: How Risky are Your Employees’ Apps?

The apps your employees have on their mobile devices can present malicious actors with an opportunity to breach your cybersecurity.

The average mobile phone has 60 – 90 applications installed and they might be leaving your data at risk. 

Young Businesswoman Using Mobile Phone At Work

Consider the facts on mobile cybersecurity

  • A report from Positive Technologies identified that 38% of iOS applications and 43% of Android applications contain “high risk” vulnerabilities due to poor coding practices. These vulnerabilities could leave your passwords, financial details, personal data and communications open to hackers. These are “good” applications with bad coding.
  • According to the 2019 McAfee Mobile Threat Report there are over 70,000 “fake” applications for mobile phone downloads. These fake applications exist to steal your data or use your phone for other purposes, like bombarding you with ads. These are “bad” applications with good coding to fool you.
  • The most common threats include bad applications asking for access permissions they do not need and tricking users into entering personal information; for example, credit card numbers to purchase new features or turn off ads.
  • Once malware is installed on your phone, hackers do not need physical access to the device because your phone is “always connected.” The malware can simply grab your personal data and send it directly to the hackers.
  • Hackers installed software developed for spy agencies on some Android and iPhone handsets in 2019 by calling the targeted person through WhatsApp (a call and chat application). The software was installed even if the phone call was not answered. WhatsApp has since corrected the vulnerability, but other hackers are assuredly evolving the code for new uses. 

How your employees can protect themselves

While you can’t do anything about the poor coding practices of mobile phone application developers, there are ways to minimize the impact of fake or unsecure applications.

  • Only download applications from known sources such as the Google Play store and the iOS Application Store. They actively remove known fake or bad applications but new ones are always popping up.
  • Don’t be tricked into downloading an application from another source. A popular scam right now is to leave a voice message on your phone and then require you to download a special application to hear the message played back. The “special” application is malware intended to steal your data.
  • Understand why an application requests certain access privileges when installing on your phone. For example, a new version of Candy Crush should not need permission to make phone calls. That could be a scam to allow hackers to call “900” numbers and bill you exorbitant fees. If an application asks for unexpected permissions, don’t install it.
  • Check your phone settings for your installed applications occasionally to verify the permissions used by each application. You want to make sure no unexpected permissions have been granted.
  • Encrypt your phone to protect the data on it and use at least six numbers for the password. This may not encrypt all of the data but is a good start. There are also encryption applications available to make the encryption even better.
  • Update your mobile phone operating system and installed applications when new versions become available. These new versions often fix issues found with previous versions.
  • Never open unknown links in text messages.

Usage policies are needed

Your business risk increases as employees access work data through their mobile phones.

Your job is to make sure those employees understand the risk through strong governance policies, specific business practices and awareness training.

Have questions about mobile cyber security?

We have answers.

Contact Us

More insights on cybersecurity

Businesswoman Working On Laptop At A Cafe

Cybersecurity Tasks to Protect Data & Meet High Expectations

Be prepared for a possible data breach. See our checklist of eight annual tasks that can help protect your organization's data.
Young African Woman Using A Laptop In A Server Room

Vendor Cybersecurity Best Practices for Plan Sponsors

Cybersecurity is an increasingly critical issue. Protect your plans and take steps to reduce risks.
Two Businessmen Working Together On A Computer In A Modern Office

Obtaining Cyber Liability Insurance Coverage Quickly

Read how we helped a TPA obtain cyber liability coverage quickly to solve their security concerns.

This page is for informational purposes only and does not constitute legal, tax or investment advice. You are encouraged to discuss the issues raised here with your legal, tax and other advisors before determining how the issues apply to your specific situations.

Don't miss out. Join 16,000 others who already get the latest insights from Segal.