As more and more businesses choose to communicate with their customers via mobile, security threats aimed at mobile users are becoming more widespread.
Invoices, statements and payslips are all frequently opened on mobile devices, with responsibility for security shared between the sender and the recipient.
But security attacks are becoming increasingly sophisticated, with hackers now targeting mobile payment systems as well as browsers. According to a 2015 survey from PWC, 15 per cent of organisations suffered a security breach caused by use of a smartphone or tablet device*.
Despite the escalating risks, the convenience and ease of anytime, anywhere access has fostered an uncompromising dependency – to restrict communication to the relative safety of the desktop would be unimaginable.
So how can senders and recipients protect their documents and data when using mobile devices?
Companies have no way to control the security of devices they send information to, which means they must assume any documents they send could be received on an unsecured device.
To allow for this, documents sent by email should be encrypted and password protected. Basic PDF encryption is not sufficient and neither is using an easily identifiable password like an ID number. To really protect the personal data inside a document, encryption and strong password protection are essential.
If confidential documents or data are made accessible via a proprietary application, the application must not automatically log the user in or store the login details. If it’s not possible to add a security layer into the app process, then each document will need protection.
Perhaps most importantly, companies should continually educate their customers on emerging risks and appropriate mobile device and application security, reiterating the security basics that will protect their confidential information.
Recipients have a role to play in document security too.
Every smartphone and tablet should have a pin or passcode to access the device, rendering the contents inaccessible should the handset be lost or stolen. While potentially frustrating for users, enabling a timed autolock after a short period of inactivity will ensure the device is never left unprotected for long.
Users should exercise caution when downloading apps, only doing so from official app stores. Even then, there are multiple cases where apps containing hidden malicious functionality managed to avoid detection by app store vetting processes. It is also worth reading reviews and investigating any known vulnerabilities before downloading an app.
Users of free and default document reading apps, such as iBooks, should make sure they apply updates as soon as they are released. The same goes for proprietary apps, as updates often fix security loopholes in previous versions.
Allowing apps that store sensitive information to ‘save’ passwords for automatic logins is an unnecessary risk. Banking, payment, shopping and even social media apps store information that is valuable to criminals. It’s better to log in and log out as required.
It is worth setting up dual factor authentication (username, password and a one-time PIN, for example) on any apps that offer this additional security layer – especially those that store personal information and documents. LinkedIn, Gmail, Facebook, Twitter and Instagram all allow dual factor authentication.
In the event that a device is stolen, all major smartphone manufacturers allow for a remote ‘wipe’ of the data stored on a handset. This is advisable if the device is taken while not locked – the remote wipe will remove any sensitive data. Of course, it’s sensible to regularly backup your phone data, so that when you get a replacement, you can restore all your information.
In the UK a new National Cyber Security Centre is set to launch in the autumn to tackle the rising incidents of cyber crime but government is keen to see businesses and individuals start to take more precautions themselves.
*Source: 2015 Information Security Breaches Survey conducted by PWC on behalf of HM Government.