business Mobile Devices: The Weakest Link in Cybersecurity? May 30, 2017 Protecting company data depends on protecting every device that is connected to it. This has become significantly more difficult in recent years due to mobile device usage. Given the widespread and extensive use of smartphones, laptops, tablets and wearable devices in the workplace, it is no surprise that mobile devices account for a good portion of a company’s cybersecurity weakness. Why are mobile devices susceptible to cyber fraud? Wearable devices can give away PINs and passwords through an algorithm that has 80% accuracy on the first try and 90% after just three attempts (according to a study from Stevens Institute of Technology). Hackers can track hand motions and figure out your PIN. How to avoid this? Using your watch-free hand when typing PINs can help. Employees bring their own unsupported devices to work. Some don’t practice good security habits on personal devices, such as not applying the latest security update. Employees travel abroad, where devices can sometimes be more vulnerable to fraud if the right security practices are not observed. Phony apps- Many scams begin with an unsuspecting user downloading a misleading app that requests payment and/or personal information. What can employers do to stop this? Educating employees on proper use of mobile devices in the workplace is the key responsibility of management. It is vitally important for employers to invest in the latest systems to protect company data and ensure that employees’ sensitive data is protected as well. Individual responsibility As mentioned above, a big portion of the issue with mobile devices is the lack of security precaution observed by employees. Below are some tips for employees: Set a lock and pin on all devices (most phones have an “auto lock” feature). NEVER connect to unsecure, public Wi-Fi options Keep Bluetooth out of “discovery mode” Notify your employer immediately if a device is lost or stolen. There are remote “wiping” features that will clear a device’s data if it falls in the wrong hands. Encrypt corporate data (most companies provide security software for remote users) More often than not, it is the person using the device rather than the device itself that is the weak point. With the prevalence of the “Bring Your Own Device (BYOD)” policy which allows employees to bring personally owned devices to the workplace, and use them to access company information and applications), more potential fraud risks are being transferred to the work place. This means that it is more important than ever before to be on constant guard for better security practices in the workplace. It is both the employer’s and the employee’s responsibility to update devices regularly, use PINs and passwords, and exercise caution when using phones and other devices remotely. Questions? Reach out to any member of our Information Security Services Team.