Mitigating Risk in a Remote World: 3 Keys to Device Security

VPN zero-trust

Remote work may have increased employee autonomy, but it also expanded the attack surface at most organisations. 

Couple that growing digital footprint with escalated use of the cloud and you have 2 of Gartner’s “7 top trends in cybersecurity for 2022”. Unsurprisingly, mobile security is among the “most urgent projects in security improvements for remote employees and risk-based vulnerability management”, according to Tech Target

Don’t want to end up compromised by a mobile security breach? Focus on safeguarding your data and devices with these mobile security solutions. 

What to Watch for: 6 Common Ransomware Attacks on Mobile Devices

If you can’t afford to have sensitive data stolen from your mobile device or be locked out of your smartphone altogether, this is one to watch for. CXO Today urges businesses to guard against these common ransomware entry points to avoid costly mobile malware infections. 

  1. Malicious apps: Knowing how to identify illegitimate apps is a skill. Unfortunately, even that won’t do you much good if a harmful app has been bundled with a seemingly legitimate one. While they may disguise themselves with familiar-looking icons, suspicious permission requests, spikes in data usage, and pop-up ads are all telltale signs. Stick to verified apps only to avoid accidentally installing and activating ransomware.
  2. Phishing Scams: Though these techniques are well-documented, new AI tools are helping cybercriminals come up with more convincing ways to con mobile users and targeted groups. Whether clicking on a malicious link or downloading infected files, ransomware can quickly take over the mobile device under false pretences. 
  3. Drive-by downloads: Mobile browsers and apps are prime targets for attackers. If they find a vulnerability, they can force devices to automatically download and install ransomware. Most users don’t even realise there’s a problem until it’s too late.  
  4. Unsecured Wi-Fi networks: Beware of public Wi-Fi networks. Cyberattackers consider this ‘low hanging fruit’, a place they can reliably go to run interference with network traffic for the sake of injecting mobile devices with malware. 
  5. Outdated software: Your mobile operating systems and apps need to have the latest versions installed at all times. Once a new update is announced, many attackers know exactly where the existing vulnerabilities are. 
  6. Side-loading: Third-party apps and alternate app stores may contain downloads with security holes that make them more susceptible to malware infections and data breaches. 

Applying Prevention with VPNs and Zero-Trust Apps

A forceful and comprehensive mobile security strategy favours prevention over cure, using best practices like: 

  • Using Virtual Private Networks (VPNs). Sometimes logging into a home or public network is unavoidable when you’re working remotely. By instructing employees to browse using a VPN, businesses can ensure traffic is routed through their network. Doing so exposes them to all the same protections and security features as if they were in-office – instead of potential attack. Take it a step further by strengthening the authentication process with smart cards. “A VPN smart card is a digital certificate that offers user-level authentication without using a username or password,” explains Kain Mathrick. “Your trusted computer security service or enterprise security services may help you configure smart cards for your VPN.”
  • Installing zero-trust apps: If you want more control over what is accessed and by which users, adopt a zero-trust security model. Any attempt to log in or access applications that have been predefined as unauthorised are blocked. An attempt log is then created which managers can use to follow up with team members who may need additional training or that IT teams can use to investigate further.

Preparing for the Worst and Developing a Response Plan

With attack numbers soaring, even the most diligent organisations are having to make additional security preparations. 

Should you get hit with a ransomware attack, every second that ticks by is critical. The sooner you can act out your cyber incident response plan, the more likely you’ll be to mitigate the damage. 

Make sure it includes sections that detail how to isolate the device, notify the appropriate teams, and restore backup data. Try to identify exactly what type of ransomware you’re dealing with so you know how to chart your plan accordingly. 

And whatever happens, remember that meeting their demands isn’t your only option. 

Ultimately, working from home can still work well for businesses and remote teams. The key is to commit to security measures that sufficiently address the complexity and sophistication of modern threats – or pay the price.