Cybersecurity has always been a major challenge for companies, mainly due to the growing financial and reputational cost of data breaches. As a result, there has been a steady increase in the tactics and technologies used to combat these threats. These methods meet the need for better and smarter ways to increase enterprise-level security and minimize mobile security risks.
Due to the rise of new types of cyber attacks, traditional security methods are no longer sufficient to protect business data. This is especially true, as malicious activity is now targeted at remote workers and mobile devices.
This article will explore how remote work has changed the way companies view and analyze business security and why CISOs around the world need to place greater emphasis on the security of mobile work environments.
What were some of the main challenges the CISOs faced during the transition to remote work?
When employees began working from home in response to the pandemic, organizations came into contact with a new set of cybersecurity challenges. This led to the creation of new processes and movements to cultivate employees ’cybersecurity awareness in order to safeguard work devices from home so that they were as safe as official devices.
In the process of making these adjustments, the following turned out to be one of the biggest cybersecurity concerns for CISOs:
- 80% of CISOs stated that strict passwords are no longer an effective strategy to protect company data.
- 82% of CISOs agree that the shift to remote work has hampered the security of business data.
- 87% of CISOs agree that mobile devices represent a greater security vulnerability than desktop devices.
However, when asked about their biggest concern, nearly half of managers, executives and CISOs seemed concerned about the safety and privacy of their employees when it comes to working from home. This would give the rest of the family members access to their devices, unwittingly compromising important information.
How has remote work increased the risks associated with the use of mobile devices?
With the remote work leading to a new way of doing business, some organizations face a high risk of mobile devices. These are just some of the issues that CISOs need to address now:
The use of unauthorized applications
Mobile devices are rapidly replacing personal computers. We rely heavily on our smartphones to make online transactions, send corporate documents, transfer confidential information, access third-party applications, and more. In fact, almost 48% of daily web page views are now accessed from a mobile device.
Growing dependence is the reason why attacks on mobile devices have become significantly more common only over the last year.
Use of personal devices to access corporate data
According to a study last year, 39% of employees surveyed regularly used their personal devices, smartphones and laptops to access corporate data hosted on cloud systems. In addition, an equal number of employees even admitted that their personal devices had no password protection, which could jeopardize commercially sensitive information.
In addition, more than 13,000 of these devices used did not follow protocols as strict as their corporate equivalents. These unprotected devices provide an entry point for many cyberattackers and viruses to access the corporate networks to which they are connected. It also opens up the possibility of transferring malware infections from home devices to the office.
How to mitigate these security issues
Many of these problems arise due to insufficient training in cybersecurity and awareness provided to employees. CISOs should focus on ensuring that only trusted users access specific networks and devices. If possible, provide employees with devices that already have encryption and antivirus tools installed.
In addition, training workers to recognize scams, phishing emails (impersonation) and third-party malware applications will also help mitigate cybercrime using mobile devices.
Using insecure Wi-Fi to access business resources
Data is usually transferred through a server-client over the Internet and the mobile network. Your employees may work from home or from a friend. They could also access “free” public Wi-Fi without knowing that any of these networks could be intercepted by malicious attackers.
Cyber attackers can use an insecure Wi-Fi connection to exploit firewall vulnerabilities and intercept confidential information. Using an insecure connection can also expose your devices to a worm attack that can wreak havoc on your device. Remember that using a public / insecure login can give other users access to your emails and identifiers.
How To Mitigate Threats To An Insecure Internet Connection
Mobile developers typically use an SSL / TLS certificate during the authentication process. However, an SSL certificate does not imply that mobile devices are completely secure. Once the authentication process is complete, the certificate ends with it. This results in an inconsistent layer exposing your passwords, contact information, and card details.
Stronger security measures are essential to ensure the security of your information and network. For many businesses, this means using a powerful VPN to mitigate potential threats.
According to Sydney Cybersecurity expert William Ellis of Privacy Australia, VPNs are a necessary security measure for people. He goes on to explain: “Suppose you are trying to access a public Wi-Fi network. It may have occurred to you that someone else is supervising your activity. Well, either from home or using a public connection, this is the reason for virtual private networks … they create an encrypted tunnel that separates you from the server that hosts the bandwidth of the website / Internet you are accessing. Surveillance agencies, hackers and other cybercriminals cannot see your IP address or other compromised data. “
As a last piece of advice, CISO needs to make sure to build a comprehensive security strategy from a precautionary place, making sure to take advantage of technologies, tools, and applications that can actively detect and prevent threats and viruses.
About the author: Gary Stevens is an IT specialist working on open source projects for both QTUM and Loopring. He is also a part-time blogger at Privacy Australia, where he talks about online security and privacy.
Editor’s note: The views expressed in this article by the guest author are solely those of the contributor and do not necessarily reflect those of Tripwire, Inc.