by
Christophe Réglat
| Nov 10, 2020
The Internet of Things (IoT) has made life more convenient in many ways, from web-connected
televisions to smart kitchen appliances. The cars we drive are no longer
just a vehicle to get us from point A to point B, they are our smartphone, our map,
and our personal DJ. As a result, an estimated 200 billion devices will need securing
by 2020, according to a cybersecurity report in Entrepreneur magazine.
Many of these devices have computer processors onboard and act as a self-contained
web server to handle communication and other sophisticated functions. Until we
start protecting our mobile and other smart devices the same way we protect our
computers, we're inviting increased risk.
Particularly with smartphones and tablets, it’s become commonplace to use these
smaller mobile devices for both work and pleasure the same as we would a desktop
or laptop computer. With the amount of personal and protected data stored on these
devices, cybercriminals are taking notice.
Consider all of the information contained on your mobile devices. Many apps such
as Amazon, PayPal and Venmo provide access to your bank account or credit card
information. What’s more, these devices contain direct access to your e-mail, text
messages and social media accounts that can be used to steal your identity and
trick others into providing their sensitive information, as well.
Among the top threats from mobile devices are:
- Free mobile apps that perform as advertised, but also send personal –
and potentially corporate – data to a remote server, where it is mined by
advertisers, or worse, by cybercriminals.
- Unsecured Wi-Fi and network spoofing, which is when hackers set
up fake Wi-Fi networks in high-traffic public locations such as coffee
shops, hotels and airports.
A survey by cybersecurity software provider Symantec found that three
in 10 small- and medium-business owners said employees have lost
a company-issued mobile device or had one stolen. Of those, more
than 25 percent said the event resulted in a data breach. When it
comes to your business, how are you protecting the data on your
company’s mobile devices?
Here are six tips to help ensure your mobile devices are secure.
- Use long, complex passwords, instead of the standard
four-digit code.
A strong password is at least eight characters long and
includes a combination of letters, numbers and special
characters. For added security, set-up thumbprint or face
recognition. Additionally, make sure your device auto-locks
when not in use.
- Turn off Wi-Fi and Bluetooth when not in use.
These platforms are essentially open connections to your
phone. Only turn them on when you need to use them.
- Only download apps from trusted sources such as
the Apple App and Google Play stores.
Malicious apps infected with malware are generally found
in third-party app stores and often resemble legitimate
apps such as games, instant messaging and even antivirus
software.
Look at the app’s reviews and star rating. Notice when
the app was published, and be wary of new apps or ones
used by few people. Also, be cautious about using free
apps. While it doesn’t cost money to use them, the app
does want something in return — access to your personal
information. Finally, set-up two-factor authentication,
especially for apps that store your bank account or credit
card information.
- Don’t click on links or attachments in SMS messages
from unknown senders.
Much like email phishing, “smishing” uses fraudulent
text messages to convince people to reveal personal
information, such as passwords and credit card numbers.
Mobile device users are especially vulnerable to these
attacks because the smaller screen makes it harder to
spot fake content.
“Smishing” scams are on the rise, in part, because they
appeal to cyber criminals who can enable geographic
targeting; for instance, posing as a local bank or credit
union to send messages to nearby mobile phone users.
“Smishing” also poses risks to companies because it can
trick users into downloading infected files, potentially
exposing sensitive data.
- Perform regular software updates on your device’s
operating system (OS) and all of your apps to patch
possible security vulnerabilities that can give malware
access to your phone or tablet.
- Make sure you have software installed on your mobile
device that lets you remotely lock, and if necessary,
wipe the data if it’s lost or stolen.
We live in a world where everything in our lives is
connected and automated; from the security cameras,
thermostats, and even baby monitors in our homes
to our medical data and physical activity. Mobile and
smart device manufacturers are making strides toward
investing in and prioritizing robust security features. But,
at the end of the day, the responsibility falls largely on
the user to adopt best practices and take the necessary
precautions to protect ourselves from the many threats
on the mobile landscape.
Christophe Réglat is president and CEO of
Coaxis, a partner program for the WSCPA.
Coaxis provides CPA firms with a fully-hosted
and managed network solution designed
to remove the complexities of federal and
industry compliances, curb the demands of
maintaining an IT infrastructure, and greatly
minimize the threat of cybercrime. For more
information, call (850) 391-1022 or email
lisa.bryant@coaxissolutions.com.
This article appears in the summer 2020 issue of the Washington CPA Magazine. Read more here.
Join Christophe at the Spark Technology Virtual Conference on December 3, where you will learn why your firm’s IT infrastructure is vulnerable in today’s “new normal” business environment and how to select a secure data hosting platform to support your remote workforce. Learn more about the conference here.
You can also join Christophe at the Fraud Virtual Conference on December 10. In this session you will explore how hackers use social engineering and explain how it works, how to prepare for it, and how to protect your firm. Learn more about this conference here.
Reprinted with permission, FICPA Florida CPA Today magazine