The number of mobile phone users is predicted to reach 6bn* globally by 2020, overtaking the number of landlines. Not surprisingly, cybercriminals have turned their attention to these devices, ramping up both the number and sophistication of their attacks. Indeed, many analysts expect that 2018 will see a steady increase. With more users bringing their devices into a business environment and accessing the corporate network, the risks around mobile security takes on an added dimension.According to a joint report from the Center for Strategic and International Studies (CSIS) and a leading software security vendor, the cost of cybercrime is estimated to be $600bn this year, almost certainly an underestimate as many crimes don’t even get reported, but it reveals why criminals see this as a lucrative option. What’s more, mobile phones are just as susceptible to hacking, viruses and malware as computers and laptops. Vulnerabilities in both the Android and Apple operating systems have been reported in the past, so it’s a concern irrespective of the type of phone.

According to a recent report from McAfee**, the primary motivation for mobile attacks is financial gain with more targeted attacks on account holders of large multi-national and regional banks, more virtual bank robberies and more targeted surveillance can be expected. The increase in the use of IoT devices was also seen as adding to the risk.

So, what are the most common types of attack and what can be done to protect both the mobile phone user and a company from becoming a victim?

Public wi-fi networks

Firstly, mobile users should be particularly careful using public wi-fi networks. Whilst most are legitimate they are not secure. An unsecured wi-fi network doesn’t require you to enter a password or login credentials to use the network. These “open” networks also involve un-encrypted connections, leaving users at great risk. Using password protected wi-fi connections help to keep unwanted third parties from carrying out man-in-the middle attacks between the user’s device and the intended destination. Fake wi-fi networks are often set up by hackers in coffee shops or shopping malls, tricking users to the legitimacy of the site and providing users with free wi-fi in exchange for information which can lead to the hacker gaining access to email addresses and passwords. As users often have common passwords for different applications, this can provide access to other more lucrative applications and information. Yet the use of a VPN can provide protection by encrypting your internet connection ensuring that your privacy and security is maintained at all times. However, the best security is simply not to connect to the company network and sensitive information on unsecured public wi-fi.

Fradulent emails

Phishing remains a threat to mobile users, particularly as their devices are always on. This means that they are more likely to see and succumb to a fraudulent email that demands some immediate action. Many attackers still rely on malicious e-mail attachments to infect devices. The simple rule is not to open attachments and click on links from unknown sources. The same applies to downloading apps. It is highly recommended only to install apps from trusted sources, check on what permissions are being requested particularly when it comes to free or ad supported apps. If something sounds too good to be true, it’s probably a scam. Gift scams with fake promotions can lure you to websites that subsequently infect your device.

Mobile operating system updates

Updates to your mobile phone’s operating system are often released and it’s important to ensure that these are installed. Often, these are updated to secure a weakness that has been exposed by a hacker. Of course, users and companies can help protect themselves by installing antivirus protection on their devices. Many of them do much more than run automatic scans, and they’ll actively try to prevent malicious web pages and files from being opened or downloaded in the first place. Another useful feature is “in app- locking where your device will ask for a PIN before opening certain apps. Some also have anti-theft features allowing you to remotely lock or wipe an Android device if it goes missing, track its whereabouts and even take a picture of the thief. Setting an automatic lock and using a strong password to open your device is also recommended and features such as fingerprint scanning and facial recognition are also now more widely available and add to the security.

Human error

Probably the most common reason for security breaches is simply down to human error. This is particularly the case with mobile phones where work and life often becomes merged. Whilst using your mobile phone at work is often an easy option, employees need to appreciate the need to adhere to the company’s security policy and that an IT department needs to protect company assets. Of course, most employee lapses aren’t deliberate, they are more often simple mistakes such as posting a company file to a public cloud storage platform, forwarding an e-mail to the wrong recipient or losing the device. Humans are often the weakest link. Data loss prevention tools are intended to prevent inadvertent or malicious loss of sensitive company information by identifying content, tracking activity and potentially blocking sensitive data from being moved.

Bring your own device

BYOD has become increasingly popular but it also requires extra diligence and controls. When employees bring their mobile phone into the workplace, information about that device is unknown. The risk of malware infiltration and exposing the company to the risk of data loss or leakage increases. By default, corporate provisioned devices will have security controls in place. To be effective, BYOD users will require access to the corporate network both in and out of the workplace. A basic level of controlling access to the company network is essential. Indeed, most companies will be required to have a degree of management over the devices to track their usage.