Is mobile shopping compromising your enterprise security?

06 Dec 2018

Article by Morphisec VP Tom Bain

Just as online shopping took over for in-store shopping during the last decade, shopping on mobile devices is poised to overtake shopping on non-mobile devices in the years to come.

Early data on online shopping this holiday season illustrates the trend.

According to Salesforce, a record number of orders were placed on smartphones on Thanksgiving (54%) and mobile devices created 68% of all retail site traffic; between Black Friday and Cyber Monday, mobile shopping sales exceeded $4 billion.

With mobile shopping becoming the preferred method for consumers to work through their holiday gift lists, it’s no surprise that people are turning to their work-issued mobile devices as well to help place their orders.

The Morphisec: Holiday Impact on Enterprise Security Survey recently found that nearly half of employees will use a work-issued computer or mobile device for online shopping this holiday season.

This can be hazardous to the cybersecurity of their employers.

When employees use work-issued devices and corporate network resources (Wi-Fi) to do their holiday shopping online, security teams are challenged by the surge in browsing and online transactions.

This time of year features a substantially higher bandwidth and resource consumption rate, both inside organisations and outside, as professionals surf and shop online.

The reliance on mobile devices for shopping poses a risk to enterprise security even when employees stick to using their own iPhones.

More than 47% of employees will use their personal devices for work-related activities as they travel during the holiday season.

That means that any professional who has visited a malicious site on their own mobile device may inadvertently be exposing their employer’s network to their compromised endpoint.

To help both employers and their employees keep their mobile devices protected, here are some tips to ensure mobile shopping doesn’t affect enterprise security.

Beware of adware -- it isn’t only a shopping annoyance

Professionals shouldn’t be lulled into a false sense of security when they stumble across adware on unfamiliar mobile sites while hunting for the lowest prices.

Potentially Unwanted Programs (PUPs) continue to be the largest group of threats prevented by Morphisec, representing 40% of all attacks.

Don’t update mobile applications in a festive rush

It’s easy for us all to go through the motions of installing and updating applications on our phones, but how often do we read the app permissions? If you need to install an app, check what it is gaining access to.

This can help you identify whether the application will invade your privacy or whether it is malicious.

Lookout reports that man-in-the-middle attacks affected about 0.8% of enterprise devices. Luckily, Android’s Google Play app store automatically comes with Google Play Protect, which guards users against potentially harmful apps (PHAs) with daily scans.

According to the Android Security 2017 Year in Review report, the annual average of a user-downloaded PHA from Google Play was 0.02%, making it 50% lower than in 2016.

Don’t share a Wi-Fi network with unwanted holiday guests

If you don’t have an unlimited data plan, it’s almost second-nature to just connect to whatever Wi-Fi is available.

Free Wi-Fi hotspots don’t require authentication, which helps hackers gain access to all of the unsecured devices connected to them.

The next time you connect to a public Wi-Fi network, use a VPN service to ward the hackers off.

Last year, there were 1,579 data breaches, which exposed nearly 179 million records.

We’re entering the fraud-filled holiday season, and it’s critical everyone does their part to help prevent a cyber attack.

In general, work-issued mobile devices should only be used for work; however, if the time comes when you need to place an order on your phone, be sure to take every precaution possible to keep yourself and your organisation safe.
