Orginally posted March, 2017. Updated August, 2021.
People tend to think about cybersecurity services as something related to the business network. Desktops. Laptops. Servers. They seldom consider the personal or mobile devices that employees are using to access work on the go or from home.
Yet, it’s become a significant threat for companies, necessitating mobile threat management. The working world is global, connected at all times through Wi-Fi and cellular data. We use this connectivity in our personal lives constantly. And the same is true for the business world.
The big difference, however, is that your business has all kinds of protected or proprietary information that – if leaked or misplaced – put your company at great risk of data loss, data corruption, compliance violations, and more. Even as small- or medium-sized businesses are more focused on how to manage their staff’s access to work remotely, they are often not attuned to the added cybersecurity risks that go with it.
Here are the top 5 applications that employees use on a daily basis to work that are causing cybersecurity issues for your business:
1. Consumer Grade File Sync Solutions
Apps like Dropbox, OneDrive, or Google Drive are rampant repeat offenders. Even though some of these applications have cybersecurity features, particularly OneDrive, you can bet that employees aren’t even attempting to set up those features. Even if they did, if the application is being used to manage or share company files or data, but the applications isn’t being managed by your company, they pose significant security risks.
They also remove data access controls. These are when your company has policies about who can access certain file types. If these files are replicated into employees’ personal accounts, then all control over that data is lost. Not only does this pose the risk of being hacked, it also creates an easy way to steal corporate information for personal gain. Such as the disgruntled employee who downloaded the company’s client list and took it with them as they started a new job at a direct competitor
2. Unsecured Cloud-Based Email
Your staff will either use a personal email account – likely Gmail, Yahoo, Hotmail, etc. – by forwarding themselves files or correspondence they need. Or, they will connect to their Outlook on their mobile devices, providing full, unprotected access to their email on an unsecured, unmanaged mobile device.
Either way, these are both outside your realm of control. The result is that ransomware, malware or other emails can get through your network in one of a few different ways. Consider the following scenarios – all based on real events.
Examples of mobile device security breaches:
-
-
- The employee’s personal device is infected or accessed, and the hackers gain access to your email system. They email employees posing as your employee to gain access to personal information or have money wired to an offshore account.
- The employee forwards corporate employee personal information, to their Yahoo or Gmail account on a personal computer. Either their email account is compromised, unbeknownst to the individual, and that corporate information is obtained and sold on the Dark Web.
- Their mobile device is being used to attempt to gain access to your company network when the individual is at work.
-
3. Project Management Tools
If you use a project management tool – like Asana, Mavenlink, Monday or any number of other options, then your staff will most likely search and install the mobile application for that tool as well. This allows them to keep track of their to-dos when they’re away from the office. It also exposes all proprietary project information to greater risk, in the same ways that the email application and file sharing apps do.
4. Sales Customer Management (CRMs)
Think about what a goldmine of data your CRM is! There are tons of CRMs out there. Salesforce, ConnectWise, Insightly can all be installed on mobile devices as an application. Some configurations also allow for access through a web browser, as well.
The devices being used to access your CRM can expose all of your client and prospect information. In some cases, targeted attacks will research companies – even small businesses – and identify key sales personnel. The hacker will then target those persons, attempting to gain access to their personal devices in an effort to seize your client and prospect data.
5. Password Manager Applications
Of course, these applications can be the most dangerous, especially if you think you’re protecting your business through extensive password policies. Your staff will want to make their lives easier through password manager applications like LastPass, Dashlane, or Keypass, and are then exposing all of their company passwords and the information protected by those passwords, to theft or loss.
Password management applications aren’t inherently bad for cybersecurity. They can be a very useful tool to enforcing password policy and helping employees manage passwords. The key is to utilize multifactor authentication and have a company-appointed security officer oversee and manage the application use and policies for all employees.
Cybersecurity Serves Your Company Everywhere
Mobile device use, remote access and work from home are all here to stay, ready or not.
It’s important to understand how your employees will access their work remotely, or wherever they are, with or without your permission or guidance. And it’s equally as critical to see firsthand what kind of information will then be available to any hacker or individual given access to these mobile devices.
3 Steps to provide on-the-go-security:
- Accept that mobile, remote access is happening within your business
- Research mobile device management solutions that will best fit your needs
- Train your staff on cybersecurity threats make them aware of their role in protecting your company
Not all IT service providers offer the same level of protection with their cybersecurity service and come at varying price points. Meaning – you can most certainly find the right mobile device management solution for your business. Don’t put this on the backburner. It’s at the forefront of your company’s security.
Get Started Now: Get a Cybersecurity Assessment
Nortec Cybersecurity Services
Nortec operates with a paradigm shift in network security that ensures our clients remain safe from attacks like these. We leave nothing to chance, offering multiple layers of protection such as:
· Threat prevention & firewalls
· Comprehensive threat monitoring
· State-of-the-art Intrusion detection
· Secure cloud-based backups
· Cybersecurity training for your staff
· Mobile device security & management
· Identity and access security
· Cybersecurity & cloud consulting
Don’t leave your security to chance. Book a cybersecurity assessment or call us: (866) 319-4508.