The dangers of mobile device use in the workplace
Company data on mobile devices
Whether on purpose or not, it is likely you or your employees have company data on a personal mobile device. How does such information end up on a device? Maybe a professional email was added to a smartphone or an employee’s Google Docs or Dropbox was downloaded onto the device. Without realising it, the mobile device now has an employee's private information as well as company data stored on it.
Data can get on devices intentionally as well, for example, when employees travel they often transfer information from their desktop or laptop to their personal mobile device so they can more easily access the data while travelling.**
Additionally, there are companies with BYOD policies that require certain security measures on devices although employees often don’t stay up to date on the latest antivirus software updates. If a company doesn’t have a BYOD policy, these devices likely have no security to protect it from outside attacks, leaving company data even more vulnerable.
Mobile phones are more widely used for professional reasons than before, and are just as prevalent as desktops in many offices today.*
Mobile phone use can benefit a company but many employees do not know how to keep the data on such devices protected. According to Lookout at RSA, 75% of those surveyed have at least once accessed corporate data from public WiFi networks and/or their personal mobile devices. Although many of these employees were probably just checking their email while grabbing a coffee, there is the danger that a device can be easily attacked on public WiFi and a hacker can access more important information and data than just the employees personal email. Employees aren’t always just checking their email either. In Ireland, 28% of employees have used personal devices to work on sensitive projects and data (according to a 2019 Microsoft survey).*
Vulnerabilities of phones
Why is the use of mobile devices so dangerous to a company? Lets begin with the physical proximity to the firewall. Mobile devices eventually go outside the boundaries of a company’s physical firewall, allowing the device to be more vulnerable to threats. Mobile devices can almost always be attacked too because people rarely turn off their phones when they aren’t using them. When a phone is on, hackers have access to the data on it. This is compared to laptops and desktops, that are usually shut down when not in use. In addition to this, mobile devices can be easier for a hacker to infiltrate because a mobile device can connect to a WiFi or bluetooth connection without the user’s knowledge.***
Users are also more likely to trust alerts and pop-ups on their mobile devices compared to their laptops and often don’t give a second thought when an app asks the user for access to their contact lists and other information on their device. Not only are mobile devices more easily attacked using methods such as phishing, but less than 20% of mobile devices use antivirus software even though they are just as susceptible to attacks as desktops/laptops.***
The vulnerability of a mobile device shows. A study done by IBM found that phishing attacks are three times more successful on mobile devices compared to desktops and laptops. Companies are generally aware of these dangers as they are 67% less confident toward the security of mobile devices and the security around the data stored on them compared to other devices, although they are less likely to encourage/require employees to secure their mobile devices.*
Overall, it is hard to avoid employees from using their mobile devices for work, especially when it can help the company by increasing productivity. Organisations must become aware of the risks of mobile devices and put policies in place to help protect data from getting hacked. A good place to start is having tools in place to remotely wipe a mobile device in case it is stolen or lost. Also, if there is not a BYOD policy or mobile device security policy in place, consider making one for all employees that use personal devices for work related activities, even if it just to use their phone to call another colleague. This includes making sure employees have updated antivirus software on all of their devices.
Security on a company’s desktops is not enough to keep the company data secure from hackers and attacks. The structure of businesses as well as how companies and employees conduct their work is evolving, so the security and policies of a company must change along with it to continue with success and without breaches.
Author: Guest contributor Melanie Humphrey