The efficacy of different mobile computing security approaches
Posted on: November 3, 2023
by Ruth Brooks
Mobile phones and other mobile devices – such as laptops and tablets – are fundamental to our personal and professional lives. With their desktop capabilities, numerous applications, portability and processing power, they make it quick, easy and convenient for us to access the internet and communicate from any place we choose.
However, due to increasing affordability, accessibility, our modern reliance on Internet of Things (IoT)-based tech solutions, and workplace shifts towards bring-your-own-device (BYOD) policies, the sheer scale and use of mobile computing leaves us ever-more vulnerable to security risks, data breaches, fraudulent activity, scams and other types of cyberattack. It’s a dangerous – and prohibitively costly – business: according to IBM, the average cost of a data breach is projected to reach $4.2 million this year.
Threat vectors are growing in complexity, sophistication and impact. Companies across all industries are on the lookout for professionals with the specialist skills to safeguard their assets from information security issues – so there’s never been a better time to upskill.
What are the main threats to mobile security?
Our increasing reliance on, and widespread use of, mobile devices has one significant disadvantage: a parallel increase in the focused attention of cybercriminals and the diverse ways in which they attempt to exploit system vulnerabilities.
Wherever sensitive data exists, threat actors are poised to attack with the next generation of endlessly creative methods. Some of the most common security threats to smartphones and similar devices include:
- phishing. Malicious links, or attachments containing malware, are delivered through emails, multimedia messages, SMS messages, social media, social networking and certain types of mobile applications. Most phishing attacks are designed to ‘trick’ users into engaging with the content.
- mobile ransomware. This damaging variety of malware encrypts a device’s files and then demands a ‘ransom’ payment for restored access to the data.
- malicious mobile apps and websites. Because they rely on installed software and internet access, mobile devices are at risk from mobile malware such as malicious apps and websites. These may present in a variety of forms, for example spyware, with the most common being trojans and ‘ad and click’ scams.
- jailbreaking and rooting techniques. These techniques refer to ways of gaining admin access (‘root access’) to iOS and Android devices. Using these admin permissions, criminals can gain access to greater amounts of sensitive information and cause damage on a wider scale. Users who install apps from untrustworthy sources, or uninstall a device’s default apps, also unwittingly expose their devices to attacks.
- man-in-the-middle (MiTM) attacks. Mobile devices are particularly susceptible to hackers intercepting network communications in order to modify, or eavesdrop on, transmitted data. This can result from traffic sent over unencrypted HTTP rather than HTTPS, users operating outside of virtual private networks (VPNs), and connections to compromised, untrustworthy or public Wi-Fi networks.
- device and mobile operating system (OS) exploits. As cybersecurity often concerns itself with top-layer software, vulnerabilities that exist in lower-level software stacks can go overlooked. Hackers aim for these entry points as they can exist outside of a device’s security solutions.
What are the benefits of implementing mobile security?
Mobile device management (MDM) brings with it a host of advantages for any business or user. Clearly, it’s fundamental to protecting businesses and their employees from cybercrime attacks, malicious activity and loss of highly sensitive data. However, it also enhances regulatory compliance, application control, data back-up, automated device registration, enforcement of security policies, BYOD initiatives, and more.
Mobile device management software can help with this by combining device applications, infrastructure services, and in-built management features.
What are examples of mobile security best practices?
Uniserve, a global IT and computer services firm, list several non-negotiables for organisations seeking ways to protect against mobile security threats:
- Password-protect your device – Just like with mobile banking and other types of apps, mobile devices should be set up with comprehensive user security protection. This may include all, or a combination of, features such as screen lock, password requirement, two-factor authentication, biometrics such as face ID or touch ID, and time-out periods. Users should also follow the recommended guidelines for creating passwords, such as creating a complex password that’s difficult to guess, and using different passwords for different purposes.
- Keep your OS up to date – Outdated software provides a gateway for cybercriminals to exploit mobile systems. Users should ensure that automatic updates are switched on for all devices to aid mobile protection, for example automated iOS updates and prompts for Apple iPhone users.
- Install anti-malware software – Mobile devices, just like desktop computers, laptops and servers, are susceptible to malware. All systems should feature robust anti-virus software for mobile malware mitigation, preferably one that includes features such as firewalls, passwords, filtering, encryption and real-time malware detection.
- Avoid public Wi-Fi and use VPNs – Free public networks make devices more vulnerable to personal data theft and malware infection. Using a VPN – rather than public networks or Bluetooth – increases online security and confidentiality, ensuring all transmitted data is highly encrypted and safe.
- Enable remote lock and data wipe – When a device is lost or stolen, the ability to remotely lock it, or entirely remove any confidential stored data, is an incredibly valuable tool. Cybersecurity specialists view turning on remote lock and data wipe options as basic, necessary requirements of users.
- Make use of cloud back-ups – IT departments should plan for business continuity and disaster recovery by implementing cloud-based back-up solutions on all devices and machines connected to their networks.
- Partition your data – Separating the types of data held on a device – keeping personal and business information ‘partitioned’ – makes the process of permanently wiping specific data, for example in the event of a breach, or when changing devices, smoother and more controlled.
There are many other ways in which mobile device and smartphone users can be supported to safeguard against data security vulnerabilities. These include application security, endpoint protection, monitoring network traffic, and using a cloud-access security broker. Users can also be trained to spot suspicious activity and to consider their own actions, such as what they engage with in app stores, limiting the personal information they give to apps and sites, locking down permissions, and turning off location services and GPS (global positioning system).
Gain the specialist skills to enhance mobile device security and combat cyber threats
Maintain and protect integrity, identity and confidentiality of mobile devices and other technologies with the University of Sunderland’s online MSc Computer Science with Cybersecurity programme.
You’ll learn how to tackle the ever-growing range of security threats and support all businesses – from small-to-medium enterprises (SMEs) to large corporations – to improve mobile security and cybersecurity. Explore core cybersecurity topics that enable you to develop robust solutions for information systems security – in any industry. Choose from engaging modules and topics such as software engineering, usability, data security, databases, networking, and analytics, and learn popular programming languages such as Python, R, CISCO and Oracle.