By Wendy Taccetta, SVP, Small and Medium Business for Verizon Business
The shift in our hybrid and remote working world and the increase in mobile device use allow for a bigger attack surface — with more locations and devices expanding vulnerabilities. No matter what type of business you are—whether a city-wide pizzeria chain to the local hair & nail salon and spa—you must be prepared today to address cybersecurity issues from every perspective. Mobile devices provide an entry point for a wide range of attacks, with bad actors increasingly finding innovative ways to exploit and manipulate users and information — potentially exposing data and disrupting operations.
According to the 2022 Verizon Mobile Security Index (MSI), extensive mobile use and the increase in mobile and IoT devices resulted in a 22% increase in data or system downtime. Additionally, 52% of respondents said they have sacrificed the security of mobile devices to “get the job done.” In retail, almost nine out of 10 businesses are concerned that a mobile security breach could have a lasting impact on their brand or customer loyalty and 41% of respondents said mobile presents a daunting security challenge.
The Biggest Threats to the Smallest Companies: The More You Know
While being mobile (and untethered) presents many benefits, SMBs still need to be aware, alert and keep their defenses up.
- Think before you click. (Phishing and mobile devices). Did you know that in 2021, 83% of organizations experienced a successful email-based phishing attack compared to 46% the year before? Attackers will take advantage of any opportunity to make their phishing attacks more successful. The design of apps on mobile devices can, unintentionally, make phishing harder to detect, helping attackers to get past people’s normal defenses. Help your employees prepare by not clicking a bad link, providing credentials, or executing a wire transfer.
- Just say no (To Apps and Access). The number of apps, especially web-based ones, continues to grow. Malware remains a major problem, but even everyday apps can be a threat. Giving applications access to the camera, microphone, photos, location data, and other data and device functions can be a significant security risk. Users should be careful about applications requesting permissions that they don’t need.
- Beware of Weird Campaigns (Malware). The 2022 Verizon Data Breach Investigations Report found that over 30% of breach cases involved some form of malware. Attackers design phishing campaigns specifically targeting mobile devices, and they build malware specifically for mobile devices too.
- Ransomware. The remote environment is primed for ransomware. As organizations continue to support remote or hybrid work, they no longer have the visibility and control they once had inside their perimeter. In fact, according to a recent State of Small Business Report, a majority of small and midsize business decision makers consider viruses (55%) and malware and ransomware (54%), the most concerning and at risk compared to previous years. Having unmanaged and personal devices on networks outside the traditional perimeter greatly reduces the visibility and control that security teams have.
- Devices and things. With more devices, the danger of lost or missing devices grows. But it’s not just the quantity of devices that’s growing, the variety is growing too. Today there are smartphones, laptops, tablets, hybrids, wearables, and a seemingly endless range of connected devices that employees are using.
- Networks and cloud. Insecure networks remain a serious threat to mobile device security. Attackers can intercept traffic through man-in-the middle (MitM) attacks or lure employees into using rogue Wi-Fi hotspots or access points.
10 Simple Ways to Prioritize Data Security in a Complicated World
With mobile use essential to staying relevant to consumers, it’s a good time for companies of all sizes, especially SMBs, to double down on their cybersecurity policies.
Data security doesn’t need to be complicated. Here are 10 simple ways they can better protect their data and key systems:
- Ensure that employees understand the importance of keeping operating systems and apps up to date on all devices.
- Prioritize cybersecurity awareness training so that employees know what to look for. (Training should include real-world attack simulations to mimic everyday scams.)
- Deploy anti-malware functionality to all devices.
- Consider restricting employee access on resources and devices not controlled by the company.
- Force password changes.
- Set mobile devices to allow full email addresses and URLs to be viewed.
- Implement controls to verify requests for changes in account information — this could be as simple as sending a confirmation message before changes are made.
- Develop a detailed bring your own device (BYOD) policy that clearly lists responsibilities in plain language.
- Verify your backups often — an emergency is a bad time to find out that there’s a problem.
- Consider introducing endpoint detection and response (EDR)—this uses behavioral-based analysis to provide threat protection and can provide valuable insight.
Remember, education, preventative maintenance and a proper policy and solution are key to protect both your business and your customers critical information against cyber attackers.
About the Author
Wendy Taccetta is SVP, Small and Medium Business for Verizon Business. My team and I are focused on creating the best end-to-end wireless experience for small business owners who trust their business to Verizon. Wendy can be reached at firstname.lastname@example.org and online at LinkedIn here: https://www.linkedin.com/in/wendytaccetta/ and at our company website https://www.verizon.com/business/solutions/small-business/
March 18, 2023