In many VSEs and SMEs, the same mobile phone is used for both business and personal purposes. At the same time, smartphone hacking has grown considerably over the past several years. In this context, what are the risks for company data? How should employees' mobiles be managed to stay safe? What are the recurring threats?
The two most attacked operating systems in the world have long been Windows for computers and Android for smartphones. Android users are much more numerous than Apple's, in France as elsewhere, and as we know, the popularity of a system exposes it much more to threats. This is what you might call the price of success.
France, a VSE country
According to numerous studies and statistics, in particular from INSEE, VSEs / SMEs represent… 99.9% of the French economic fabric. Among these companies, there are 3 million VSEs, more than half of which have no employees.
Millions of business leaders and gigabytes of data are therefore exposed to digital security risks. Yet many users in these small businesses use a single smartphone for both personal and professional purposes.
In addition, SMEs and VSEs that have several employees rarely invest in professional phones for them.
On the malware research side, we know that threats and malware targeting Android have increased dramatically over the past decade. Today, our Viral Lab detects around 40,000 threats targeting Android per day. These threats represent approximately 20% of all threats processed.
More and more sophisticated attacks
In the early days of Android, Google chose to leave its catalog, Google Play, relatively open, meaning that it was very easy to publish an application there. This openness served the purposes of cybercriminals, who found in it a free way to publish infected applications that reached many users. Google has greatly improved the security of its catalog, which is, by the way, the most secure today, but the fact remains that every day, infected applications get past the catalog's security barriers.
This can be explained in part by the fact that malicious applications have become increasingly sophisticated and “clever”. Some are there “only” to allow the download of other malicious apps, some are triggered only by a user action, and the vast majority are concealed inside harmless-looking apps that deliver their advertised functionality once downloaded to a device. But the range of threats is wide. Malware quickly learned how to hack e-banking applications, smartphone messaging systems and web browsers, how to exploit vulnerabilities in the operating system itself, and even how to infect device firmware directly.
In this context, it is easy to understand that using one smartphone for both personal and professional purposes poses real security problems: checking email, transferring professional files, consulting the company’s bank account. Today, we can do on a phone almost anything we do on a computer, and all devices are connected to each other.
Many applications are what we call “advertising” apps, that is to say apps that display unwanted pop-ups or serve to increase the ranking of websites (which makes hackers money). They are not always strictly dangerous for data, although they can make it almost impossible to use the phone. Beyond these, there is malware that is really dangerous for data.
How to manage security on smartphones in the professional context?
As always in digital security, it’s impossible to protect yourself against all threats. Social engineering, which involves tricking the user into performing an action on their own that will lead to their device being infected, always works very well, and hacking methods are plentiful.
The first barrier against malware remains antivirus software. Installing an antivirus on an Android smartphone is essential, especially in the context of dual professional / personal use. These tools are also sophisticated: they provide real-time analysis of downloaded apps, the ability to set filters on the websites visited, and so on.
But ultimately, the best way to protect yourself is undoubtedly to have two phones: one for personal life and one for professional use, protected by an antivirus, on which you perform only work-related actions. No games, no video downloads, no social networks, etc.
While no one is safe from having their work email hacked on their phone, having as few applications as possible limits the risks.
And finally, as always, we must remain vigilant and attentive. Do not download applications from questionable sites, do not transfer confidential or very important professional data via the phone's messaging system, do not keep files on your smartphone, and avoid using public Wi-Fi on your professional mobile.
Small businesses with employees should probably invest in a fleet of secure business phones, because as we always say, a hack can result in huge losses compared to the investment a few phones represent.