We’ve all seen reports of multinational companies falling victim to cyber-attacks on the news — SolarWinds, Colonial Pipeline and JBS Foods just to name a few — but recently, many of us have started to experience this phenomenon firsthand. The rise in remote work has increased the frequency, sophistication and impact of phishing attacks.
The Risk to Mobile Employees
Mobile employees are using mobile devices more than ever to access company data, something hackers are taking advantage of by exploiting security gaps. According to a new survey from IT automation platform, Ivanti, 74% of respondents said their organizations have fallen victim to a phishing attack in the last year.
The latest attacks to gain traction among mobile users are smishing (phishing via SMS text message) and vishing (phishing via a phone call) scams. This is likely because, according to research from Aberdeen, attackers have a higher success rate on mobile endpoints than on servers. In fact, the annualized risk of a data breach resulting from mobile phishing attacks has a median value of about $1.7 million.
Why is This Happening?
Employees are especially vulnerable to new phishing attacks that utilize mobile technology because most people aren’t familiar with these schemes or have the tools to protect themselves from falling victim to them. It’s become a struggle for IT professionals to simultaneously address successful attacks on other employees while trying to prepare systems to handle new and more sophisticated threats.
The problem is only made worse for companies experiencing IT staff shortages. 52% of respondents claimed their organization has suffered from staff shortages in the past year. That means when an employee clicks on a mystery link in a text message or shares sensitive information over the phone with the wrong person, the time it takes their overworked IT team to respond is longer and more damage is done. 46% of those surveyed cited increased phishing attacks as a direct result of staff shortages.
Prepare Mobile Employees
The first thing companies need to realize is that any employee, regardless of technical expertise, can fall victim to cyber-attacks. Hackers develop new scams every day, and while you can’t foresee all of them, you can still implement cybersecurity training for all employees. If you already have a program like this, make sure it’s updated to cover the risk of phishing attempts via mobile devices.
In terms of IT security, your company should also adopt a Zero Trust strategy. Strict identity verification should be mandated for every person and device trying to access your private network, whether they’re sitting within or outside the network perimeter. To properly protect all employee devices, you should also employ a Unified Endpoint Management (UEM) approach. UEM allows companies to secure, manage and deploy corporate resources and applications on any device from a single console.
CompanyMileage is a TAHC&H Value Added Member Benefit Partner. You can reach Tracie Wilbanks Piasczyk for more information on their services at traciew@companymileage.com or at (346) 385-0109.