Ransomware attacks are now the biggest online security threat to businesses in the UK, according to the chief executive of the National Cyber Security Centre.
These are attacks when criminals gain access to a company network or internal systems, encrypt the data, then demand payment for the information to be released back to the company.
And they’re becoming more professionalised.
They’re not state sponsored attacks.
They’re organised gangs, often targeting large numbers of smaller companies at once, or larger multinationals.
Often the attacks aren’t even that sophisticated.
Criminals are simply taking advantage of flaws in company security, or exploiting a lack of understanding about the dangers of cyber attacks in certain situations.
One of the biggest risks to company networks, is when employees use public wifi like those in coffee shops or at train stations to access the internet and company systems, and send sensitive commercial or client information.
Doing this on public wifi is incredibly risky.
Unlike a dedicated company network, or even home wifi networks, public wifi isn’t secure and is available to access by anyone in range of the signal.
And because it isn’t secure it puts that wifi network, and all the devices attached to it, at risk.
There are several ways criminals can get access to your company’s sensitive information if an employee connects to a public wifi network using their business smartphone or other mobile device.
Here’s some of the most common to be aware of:
Rogue wifi networks
This is one of the most common attacks criminals use.
Essentially they set up their own wifi network that looks very similar to an ‘official’ public wifi network, in the hope people will just see it and use it because they think it’s legitimate.
Often the network will begin with the word “free” to entice users. It will also usually be called something similar to a real network with a slight change.
For example freepublicwifi1.
If your employee clicks onto the network, criminals will be able to see what they’re doing and steal their data.
Man in the middle attacks
These are when criminals position themselves between an employee’s device and the wifi network they’re trying to connect to.
On public wifi, it’s easier to do this because there’s no password or ID security, and often they’re not encrypted so data sent over them is readable.
If the attacker succeeds they can intercept data being sent over the network.
Sending malware out over an unsecure public wifi network
This is when cyber criminals use a public wifi network to send out malware to all the devices connected to the network to access and infect the user’s software.
This can irreversibly corrupt data and cause huge losses to a business.
This is simply when cyber criminals gain access to an employee’s computer using the public wifi signal.
Once they have access they can sit in the background and spy on what your employee is doing, including accessing sensitive information they share.
Exploiting ‘discover new networks’
If your employees are working remotely and searching for a public wifi network to join, then chances are they have their wifi set to ‘discover new networks’.
But what they might not know, is that this also makes their device discoverable to other people at the same time.
This gives hackers within proximity of their signal the chance to connect to their business phone directly and steal or corrupt information stored on it.
So how can you protect your business mobile phones from attacks?
Given that more people are going to be working remotely in the future (more than half of all employees have worked remotely in the last year and will continue to do so) all these risks might make you a bit worried.
They might also have you thinking whether a business mobile phone or allowing remote working is worth it at all if data is so at risk.
But the good news is, all these risks associated with public wifi networks are easily avoided.
For the most part, they happen because employees don’t understand the risks of sending sensitive information over these unsecure networks.
So, here’s a couple of easy things you can do to limit the risks, or eliminate them entirely.
Establish guidelines and policies around public wifi
The easiest thing you can do, is to set clear guidelines and set policies for any employee with a business smartphone or mobile device, stating they should not under any circumstances be sending or viewing sensitive company information using a public wifi network.
Better still, simply ban the use of public wifi when using a business device, or when accessing company data using a personal device if you have a Bring Your Own Device (BYOD) policy.
Get a better business phone data plan
One of the main reasons employees use public wifi networks when working remotely from a public place, is because their business phone doesn’t have a sufficient data plan to allow them to work for long periods of time.
Look for a business phone deal with a data plan that will support your employees’ when working away from the office so they don’t have to rely on a public wifi network in the first place.
Update the security on your business phones
Not updating a business phone with the latest software and security updates is one of the main reasons these devices are vulnerable to attacks in the first place.
Cyber criminals are adapting their methods of attack all the time and security updates include new solutions and defences against them.
If your business mobile phones aren’t regularly updated they might not have the latest security features and could be vulnerable.
Use third party mobile security software
If you’re particularly worried about the security of data on your business phones and have the budget you could invest in additional security software or other platforms like a Virtual Private Network (VPN) for employees to use when working away from the office.
Advanced security software for mobile phones can now include data encryption, two factor authentication and even AI powered threat detection to monitor and react to changing threat levels.
Get the right mix of hardware, software and cyber education to protect your data
Protecting your business mobile phones from attacks is always going to be a mix of having the right device, using the most up to date security software and features and educating employees on the risks of cyber attacks so they don’t put themselves at unnecessary risk.
By investing in dedicated business phones with a good data plan and the latest security software, you will greatly limit the risk of your data being stolen.
Want to find the right business phone deal?