A recent webinar hosted by Three looked at the security risks in more detail. The event looked at how the needs of a mobile workforce call for a new approach to protect against threats and scams that could disrupt the business, cause financial loss, or expose sensitive data.
Inside an office, companies could standardise on certain types of desktops and use security tools to keep those systems and users safe. Outside the office environment, it was a very different story. Without the benefits of a centralised network or a clearly defined perimeter for security, protecting a dispersed workforce became much harder.
Mobile use rises
Many people were not able to use their office IT systems when working from home during Covid-19. Research from Statista showed a 70 per cent increase in use of smartphones and mobiles among internet users worldwide as of March 2020 as the coronavirus outbreak hit.
Jacky Fox, who leads Accenture’s security group in Ireland, said people were using their mobiles more for business calls and videoconferencing and were also getting access to business data through their phones. “People are not as protected as they are in the corporate environment. You don’t have all the perimeter security. You might have other people and other devices sharing a home network – that’s why you have to increase security on the devices themselves,” she said.
Cybercriminals quickly jumped on this trend, looking to capitalise on the pandemic-induced panic. Barracuda Networks tracked a 600 per cent spike in email phishing attacks between the end of February and March 2020.
Scammers profit from the pandemic
Scam emails like this rely on social engineering techniques to fool recipients into thinking the messages are genuine. They then use this access to steal money from victims directly or trick them into revealing account details. With more people ordering online during lockdown, many criminals started sending messages that appeared to come from courier services, with a link that stole victims’ credit card details. Other security threats like ransomware also increased last year, a report from Microsoft found.
During the early stages of Covid-19’s arrival, many people were dealing with the stress of trying to work from home during a pandemic, reading messages on a small screen, and managing other aspects of life under lockdown. This created a stressful cocktail that made them more susceptible to fraud or likely to become infected by malicious software. “We’ve seen an increase in the use of mobile devices as an attack vector,” said Fox.
In the webinar, Martin Hannigan, head of finance and corporate services at the Simon Community, explained how his organisation experienced these threats first-hand as Covid-19 hit. The charity has almost 200 staff who use their mobiles as a way to communicate for work. Towards the end of 2019 and early 2020, the charity started to see a rise in the number of spam emails and fake text messages.
Attacks against senior management increase
“We could see that this was a vulnerability in our organisation’s mobile security. And when Covid-19 came down the line, we could see an increase in text scams particularly targeting senior management and even some of the finance team, along with phishing attempts against our CEO,” said Martin.
It's great to have a product like this on our handsets, that we're protected, and we've protected our workforce
Keen to stamp out any potential risks and carry on delivering its much-needed service during the crisis, the Simon Community deployed 3Mobile Protect, a security tool designed specifically for protecting mobile devices.
3Mobile Protect is the result of a partnership between Three and the Irish software company Corrata, whose technology prevents phishing, malware and WiFi attacks on smartphones. It also enables businesses to filter inappropriate apps and content from those devices.
The Simon Community has now eliminated text scams against its employees’ mobiles. Every month, it can see a dashboard showing the threats that 3Mobile Protect has prevented. “It met our objective to improve security and reduce our vulnerability to phishing attacks against key users. It’s great to have a product like this on our handsets, that we’re protected, and we’ve protected our workforce. As far as I’m concerned, it’s like giving someone a work laptop that has antivirus pre-loaded,” said Martin.
Securing smartphones to prevent attacks
Accenture’s Jacky Fox said technical controls on work or personal devices are an important extra layer of security to prevent malicious attacks. “If you have people accessing corporate information on a personal device, it’s important to ring-fence that information. So if something happens to that device, you can lose that container and make it inaccessible to anyone else,” she said.
One way to improve security awareness through training is to relate what happens online to a scenario in the real world
Jacky Fox said that in the changed working environment, companies should revise their security policies and carry out awareness training to show employees how to avoid risk and minimise possible threats.
She advised people not to use the same password on multiple online accounts, and to be suspicious of messages that imply urgency, as this is a common tactic for cybercriminals.
One way to improve security awareness through training is to relate what happens online to a scenario in the real world. “If somebody rang your doorbell and said: ‘I think there’s something wrong with your car, can you give me your car keys so I can check’, you wouldn’t hand it over,” she said.