The shift to more remote working set in motion by the pandemic, the use of mobile devices for business purposes has grown - along with the associated security risks.
When employees use smartphones, tablets and laptops for business, it extends a company's security perimeter beyond the walls of the office and out into the world at large. This leaves the company more vulnerable to phishing, malware, ransomware and other cyberattacks. Businesses need to take protective action.
Beware mobile banking fraud
With the significant increase in mobile banking, the FBI has warned about increased fraud attacks on mobile devices. App-based banking Trojan viruses - malicious programs disguised as other apps - are among the techniques the FBI says criminals employ to exploit mobile banking users. Fraudsters also create fake banking apps that impersonate the real apps of major financial institutions in order to trick users into inadvertently handing over their login credentials.
Measures that can help businesses protect against mobile banking fraud include: using dual control to approve transactions or administrative changes; enabling two-factor or multi-factor authentication to protect devices and accounts from malicious compromise; monitoring online accounts and transactions regularly and having procedures in place for employees to contact your bank if they notice anything unusual; and signing up for fraud monitoring services.
Establish effective security policies
Eight out of 10 businesses surveyed in Verizon's Mobile Security Index 2021 reported an increase in remote work and expected the number of remote workers to remain higher than before lockdown. "The 'new normal' remains uncertain, but it's a safe bet that more flexible working arrangements are going to be a part of it," the report noted.
With that in mind, the report urged businesses to establish a robust set of mobile device policies. Among other things, those policies should cover:
- Acceptable use - i.e., when, where and why employees can connect their mobile devices to the company's network.
- Encryption. Require users to encrypt data before they store it on their mobile devices.
- Password security. The report suggested requiring passwords to be changed every 60 to 90 days, along with setting character length and combination requirements.
Talk to your employees
According to the survey, over half of the companies that had experienced a mobile-related security breach attributed it to user behavior, such as falling for a phishing attack or installing unsanctioned apps. This suggests that employee engagement and commitment are critical elements of a successful approach to mobile device security. Employees must have a clear understanding of the threats posed and their ramifications for the business.
Here's a strategy to consider: Hold a cybersecurity workshop to reinforce the dangers posed when using mobile devices. By engaging all employees in the fight against cyber threats and reviewing mobile device policies, you can better protect your company's valuable data and resources, and the interests of your customers.
For more information, visit www.hancockwhitney.com/treasury-services or call (866) 594-2304.
