What Is Mobile Security?
About 5 billion people worldwide use mobile devices to access the internet, and to date, an estimated 200 million applications have been downloaded to smartphones and tablets. With this explosive growth in the use of mobile devices and applications comes an increasing number of threats to mobile security.
Mobile Security Definition
In a nutshell, mobile security is cybersecurity for mobile devices. It involves protecting smartphones, tablets, and laptops from cyber threats such as data loss, credential theft, account compromise, and so forth.
Mobile devices have become an intrinsic part of everyday life. People are no longer just using them for texting, social networking, and entertainment. The availability of applications for business and professional networking has turned mobile devices into handheld computers that can be used on the go.
For this reason, mobile devices need protection so they do not become a means to compromise private information. Common mobile device security threats that users have to contend with include malicious applications and websites, data leaks, spyware, social engineering attacks, and more.
Components of Mobile Device Security
Good mobile security policies include components that protect an organization’s network or system from various types of attacks. Some attacks are designed to infiltrate a network, while others are engineered to compromise communications or exploit vulnerabilities found in mobile devices.
The following security components work together to minimize the risk of mobile device attacks:
Users connecting to the network from a remote location should always use a virtual private network (VPN). VPN services encrypt data between devices or between the device and an internal network. Any mobile device connecting to an organization's network remotely should use a VPN to protect their activity and data from malicious parties.
Endpoint security for mobile devices is the use of technology, best practices, and other measures to protect mobile devices such as laptops, smartphones, and tablets from cyber threats and attacks. Businesses can use endpoint security software to safeguard their employees’ devices from exploitation while connected to the network or in the cloud.
Secure Web Gateway
Secure web gateways (SWGs) protect mobile devices from online threats by filtering traffic and automatically enforcing company security policies. SWGs can be installed on-premises or in the cloud, and they are positioned between the user and the internet, acting as a gate or filter.
At the very least, SWGs need to include application control, antivirus technologies, data loss prevention, Hypertext Transfer Protocol Secure (HTTPS) inspection, and Uniform Resource Locator (URL) filtering.
Email security uses filters to block suspicious messages that may contain unverifiable links and attachments. One of the biggest cybersecurity threats to business organizations is phishing. Email services on a mobile device allow personnel to maintain communication on the go. But phishing messages target mobile users using malicious links or attachments.
Mobile Device Security and Threats: iOS vs. Android
Which devices provide a safer experience—iOS or Android? Many users claim that iOS is more secure, with few vulnerabilities, and Apple’s regular updates provide security patches in a timely manner.
But for organizations using mobile devices, the answer is a little more complex. The Android operating system (OS) is more customizable with its open OS and the ability to sideload applications. Additionally, Google makes strenuous efforts to keep the OS updated and secure. Company security policies regarding download permissions for applications can also do much to secure an Android device.
The bottom line is that organizations will have to weigh security against flexibility, especially in scenarios where a company has a bring-your-own-device (BYOD) policy. In many cases, they would have to strategize for both operating systems.
Top 9 Mobile Security Threats
With increased mobile usage comes increased security threats. Recent statistics show that more than 60% of digital fraud cases are initiated via a mobile device. An unsecured mobile device can become an access point for countless malicious attacks.
Malicious Applications and Websites
Just downloading a malicious application or visiting a malicious website may be enough to infect your device and the network it is connected to. The website or application may attempt to install malware on your device, or they may prompt you to allow an install that looks legit but is in truth malicious.
Applications with Weak Security
Apps with weak security put your data at risk. They do not offer adequate encryption for stored data or data in transit. This can result in identity theft, intellectual property theft, or loss of business-critical data. Downloading such apps to your device can compromise not only your personal information but also your organization’s data.
Data leakage is a slow data breach that can happen in two ways:
- Physical leakage via sharing or theft of portable storage devices, such as USB drives or external hard drives
- Electronic leakage when data transmission pathways are compromised by an unauthorized device, and data is stolen while in transit. With mobile devices, this can be a result of giving apps too many permissions.
Mobile ransomware does what it sounds like. It will hold your device at ransom, requiring you to pay money or information in exchange for unlocking either the device, certain features, or specific data. You can protect yourself with frequent backups and updates.
Phishing attacks most commonly target mobile devices because people seem more inclined to open emails and messages on a mobile device than on a desktop. Part of the reason is that the smaller screen only shows a partial sender name or subject line, making it harder to identify suspect emails. Additionally, mobile notifications are easy to click on, and many users click on them almost as a habit.
Man-in-the-Middle (MITM) Attacks
In MITM attacks, a hacker positions themselves between two parties who believe they are communicating directly with each other. This allows the hacker to trick a user into inputting credentials and steal sensitive information given in full trust. Since mobile devices are frequently used for communication and account logins outside the office, they can represent a significant risk for organizations today.
Network spoofing happens when malicious parties set up fake access points that look like a legitimate Wi-Fi network that users can connect to. These traps are set up in high-traffic areas frequented by employees using their mobile devices to connect to work-related applications or systems. A common trick is to offer “free” Wi-Fi if users set up an account first. The goal is to access passwords and other personal data.
Spyware is a type of malware installed on a device without the user’s knowledge. Once there, it gathers data about you, your habits, and activities, and sends it to a third party without your consent. For this reason, some spyware is also called stalkerware.
Since mobile devices often carry personal and financial data, a compromised device can lead to identity theft. Malicious third parties can steal this data electronically or by physically stealing your device.
How To Safeguard Against Mobile Security Threats
Endpoint security for mobile devices requires a defense solution that can promptly detect and respond to various types of attacks without negatively impacting the user experience. This solution typically implements:
- A comprehensive view of applications, devices, and networks across the organization
- A flexible and scalable defense strategy
- Risk visibility in the mobile and remote workforce
- Privacy protection built into the design of mobile security policies
- A positive user experience and optimized work environment
How Fortinet Can Help
FortiClient is a Fabric Agent that delivers protection, compliance, and secure access in a single, modular lightweight client. A Fabric Agent is a bit of endpoint software that runs on an endpoint, such as a laptop or mobile device, that communicates with the Fortinet Security Fabric to provide information, visibility, and control to that device. It also enables secure, remote connectivity to the Security Fabric.
What is mobile security?
Mobile security is cybersecurity for mobile devices. It involves protecting smartphones, tablets, and laptops from cyber threats such as data loss, credential theft, account compromise, and so forth.
Why is mobile security important?
Mobile devices have become an intrinsic part of everyday life, and the availability of business and professional networking applications has turned such devices into handheld computers employees use on the go. For this reason, mobile devices need to be protected so they do not become a means to compromise private information.
What is a mobile security threat?
Mobile device security threats may include malicious applications and websites, data leaks, spyware, social engineering attacks, and more. They are designed to infiltrate a network, steal data, compromise communications, and exploit vulnerabilities found in remote endpoints.