Mobile Device Security: Phishing, Mishing, and More
- Reading Time: 4 mins
In 2023, one in four users clicked at least one phishing link every quarter. It’s a shocking statistic that underscores a growing problem: mobile devices are increasingly targeted by cybercriminals.
As the remote and hybrid workplace trend continues—and with upwards of two-thirds of employees using a smartphone for work—mobile devices have become many hackers’ first choice of attack.
This blog will explore the top risks facing mobile device security, why industries like manufacturing are particularly vulnerable, and actionable steps you need to take to protect yourself and your organization.
The Top Mobile Security Risks
Phishing and Mishing
82% of phishing sites are designed to specifically exploit mobile users.
2024 Zimperium Global Mobile Threat Report
Mobile phishing, or “mishing,” is evolving at a rapid pace. In fact, 82% of phishing sites are designed to specifically exploit mobile users. These attacks take many forms:
- Smishing: Malicious links delivered via SMS.
- Quishing: QR codes that lead to phishing sites.
- Vishing: Voice phishing calls impersonating trusted entities.
Vulnerable Devices and Software
Unpatched devices and outdated software are two more major issues. At any one time, an estimated 40% of mobile users are running outdated operating systems that harbor known vulnerabilities. Meanwhile, the number of Common Vulnerabilities and Exposures (CVEs) in Android and iOS devices continues to climb.
Application Risks
Applications can present significant risks to your mobile security, especially when downloaded from unofficial sources or when their permissions and behaviors aren’t thoroughly vetted. Here’s what you need to know:
- Sideloaded Apps: These apps, installed outside of official app stores, often skip security reviews, making them a common source of malware and riskware.
- Poorly Reviewed Apps: Many apps request excessive permissions, fail to encrypt communications, or contain hidden vulnerabilities that can put your data at risk.
- Riskware: Some apps appear legitimate but include malicious features that can jeopardize your personal or professional data.
Protect yourself by asking these questions before downloading an app:
- Does the app come from a trusted source, like an official app store?
- Are its permissions reasonable for its functionality?
- Is your data encrypted while using the app?
- Does the app’s developer have a solid reputation?
Taking a moment to vet applications can go a long way in safeguarding your information.
Network and Public WiFi Threats
Unsecured networks and public WiFi open the door to man-in-the-middle attacks. Without proper safeguards, sensitive corporate data can be intercepted.
Better to avoid these types of WiFi networks by using a VPN or your cellular provider’s network.
The Rising Threat to Manufacturing
Why Manufacturing is a Target
Manufacturing environments rely heavily on mobile devices, especially for field workers operating across diverse networks. This, combined with a dependency on third-party apps and the prevalence of Android devices, creates a perfect storm for cybercriminals.
Key Stats in Manufacturing
- 80% of manufacturing employees work outside traditional office spaces.
- 1,421 Android CVEs were detected in 2023, representing a 58% increase from the previous year. When final 2024 data is eventually reviewed, the expectation is an even higher number of CVEs for these devices.
- Proofpoint reports that manufacturing employees are among the most susceptible to phishing attacks—about 25% higher than average.
Best Practices for Mitigating Mobile Security Risks
Awareness and Training
Educate employees on identifying phishing attempts, avoiding suspicious links, and using apps securely. Training is the first line of defense against human error. Also, get in the habit of communicating reminders to your team when operating system updates are released, encouraging them to update their devices.
Mobile Threat Defense Tools
Leverage MTD tools to monitor iOS and Android devices. Microsoft Defender for Endpoint, Harmony Mobile, and GlobalProtect are all examples of MTD solutions.
Stronger Authentication
Adopt phishing-resistant multi-factor authentication (MFA) for accessing sensitive data and applications. Implement zero-trust security principles to ensure that only authorized users can access sensitive systems.
Network Access Controls
Block unpatched devices or those running outdated operating systems from accessing corporate networks.
Take Charge of Your Organization’s Mobile Security
The threats to mobile devices are real and growing. By understanding the risks, prioritizing employee awareness, and implementing the right security measures, organizations can better safeguard their sensitive data and operations.
Looking for Further Help? Ask HBS
Protecting your organization from mobile threats doesn’t have to be daunting. HBS offers expert guidance and comprehensive cybersecurity services that can be tailored to your needs.
Let’s work together to secure your mobile workforce. Contact us today to get started.
Related Content
What to Include in an Effective BYOD Policy
Discover key concepts that should guide your BYOD policy. Write a clear BYOD policy with these tips to protect. company data accessed through personal devices.
BYOD Security for Employees: Protecting Both Your Work and Personal Data
8 Key steps for employees to secure personal and work data when practicing BYOD. Learn about strong passwords, software updates, VPNs, data separation, & more.
Mobile Device Security Best Practices
Mobile device security, along with tracking all hardware and software in your environment, is key in securing your organization.
