Mobile security is a hot topic at the moment, and for good reason. According to a recent Experian survey, small businesses are more likely to fall victim to hackers than large, established companies. They tend to see themselves as less attractive than a big corporation and rarely operate with a dedicated, professional IT team – and as a result, they spend less time and money making sure their data and systems are hacking-proof.
While the term ‘hacker’ tends to conjure up images of computers, almost any system can be vulnerable: from your smart TV to your company’s servers, and, of course, your smartphone. As a small business owner or employee, it is essential that you are aware of the risks – and that you know how to keep your mobile phone and the data stored on it safe.
How does smartphone hacking take place?
Everyone knows the words ‘hacking’, ‘virus’, and ‘data breach’. But what exactly goes on when your smartphone is under attack? There are many different ways for someone to access confidential information, and one of the biggest menaces is a social engineering technique known as phishing.
To phish, a hacker will discreetly ask questions through e-mail surveys or over-the-phone questionnaires to find out personal details about you. In a professional environment, passwords are very valuable commodities: if your password has some sort of personal affiliation, a hacker may be able to deduce what it is by phishing out your personal details (town of birth, mother’s maiden name, etc.). You may think that using a random password generator is enough to keep you safe from phishing – however, most password systems have backup authentication questions that will still require personal information to answer.
What about viruses, then? Viruses come under the category of malware, also known as ‘malicious content’. Basically, malware is a form of software (malicious + software = malware) designed to damage or corrupt a system it invades. While the terms are often used interchangeably, not all malware is a virus! Different forms of malicious software exist.
- A virus is a piece of code that acts like a parasite and infects your software, spreading through the system.
- Trojans are a type of virus that poses as a safe program or app that you can download onto your phone, which then works behind-the-scenes to steal personal and company information.
- Spyware, like the name suggests, is a type of malware which spies on you in order to gather information about your internet activities or your phone’s system.
- Ransomware will restrict access to your phone until you pay a fee to the criminal who sent it to you. Typically, you’ll see a pop-up appear on your screen telling you that you will be locked out of your phone until a ransom is paid.
Sometimes, all a hacker needs to infiltrate a phone is the owner’s number. Once they have it, they can send a text message and attempt to coerce the user into clicking on a link which can then send malware onto the phone. If the hacker is targeting a business, Trojans are especially useful, as they can access the information on the handset undetected.
If an employee of a small business has their mobile phone compromised, it could prove very difficult to find the attacker. Because smartphones can be used as a ‘pivot point’ for the hacker to store all their stolen data on, everything would point to the phone’s owner as the culprit – even if they’re completely innocent.
Why smartphone security matters for businesses
Because more and more people are working on-the-go on their smartphones, they need to make sure they access company data securely, especially if they’re using their personal devices. (But even company smartphones need to be properly protected!)
Business owners have a duty to assist their staff with cyber security if they don’t have a dedicated IT department, and implement security policies such as banning employees from accessing corporate data using a public Wi-Fi network. (62% of employers have already done this. It might be worth doing the same if you haven’t.)
The two most important types of data to keep private are financial and customer information – financial goes without saying, but while having customer data stolen might not directly hurt your business, it will still have some very grave consequences. A 2016 EU directive – the Article 29 Working Party on Data Protection – asserts that businesses must have measures in place to protect themselves against data breaches.
Article 29 states: “common EU rules have been established to ensure that your personal data enjoys a high standard of protection everywhere in the EU. You have the right to complain and obtain redress if your data is misused anywhere within the EU.” This means that any business that loses their customers’ personal data is accountable; should regulators find a business guilty of losing customer information, the business could face a fine of up to 4% of their annual turnover. For small and large businesses alike, this would be a devastating loss of revenue.
Even if no financial losses occur, losing your customers’ trust will be extremely damaging. It’s important that you keep their details as safe as possible.
How can I make sure my smartphone is hacker-proof?
First, choose your device carefully. Most top-range manufacturers, such as Samsung and BlackBerry, are aware of the demand for secure smartphones and are known for their impressive security features. But it’s also important to know the risks so you can avoid them. Some best practices you and any of your employees can follow are:
- Beware of emails: don’t open spam emails or emails from unknown senders, and don’t open attachments unless you’re 100% positive they have come from a legitimate, safe, and known source.
- Beware of apps: be careful when installing apps, and keep an eye on the permissions you grant them – while most apps won’t be malicious, it’s rarely a good idea to give them access to your microphone or files.
- Beware of open Wi-Fi networks: free Wi-Fi is nice to have, but these networks are often left open without a password. An unsecured wireless connection can allow anyone with just a little technical knowledge to see what you’re doing online.
- Use two-factor authentication: make it impossible for someone other than you to access your smartphone or email accounts by adding a second layer of security.
- Educate yourself and your staff: when hiring someone new, make security a priority during their induction. Remind them of their responsibility and talk about the consequences of a data breach.
Obviously, this list is non-exhaustive, but it should give you enough to get started with cyber security.