Story image

Is mobile shopping compromising your enterprise security?

06 Dec 2018

Article by Morphisec VP Tom Bain

Just as online shopping took over for in-store shopping during the last decade, shopping on mobile devices is poised to overtake shopping on non-mobile devices in the years to come.

Early data on online shopping this holiday season illustrates the trend.

According to Salesforce, a record number of orders were placed on smartphones on Thanksgiving (54%), and mobile devices created 68% of all retail site traffic, and between Black Friday and Cyber Monday, mobile shopping sales exceeded $4 billion.

With mobile shopping becoming the preferred method for consumers to work through their holiday gift lists, it’s no surprise that people are turning to their work-issued mobile devices as well to help place their orders.

The Morphisec: Holiday Impact on Enterprise Security Survey recently found that nearly half of employees will use a work-issued computer or mobile device for online shopping this holiday season.

This can be hazardous to the cybersecurity of their employers.

When employees choose to use work-issued devices and corporate network resources (WiFi) to do their holiday shopping online, security teams have a challenge with the surge in browsing and online transactions.

This time of year features a substantially higher bandwidth and resource consumption rate, both inside organisations and outside, as professionals surf and shop online.

The reliance on mobile devices for shopping even poses a risk to enterprise security when employees stick with using their own iPhones.

More than 47% of employees will use their personal devices for work-related activities as they travel during the holiday season.

That means that any professional that visited a malicious site on their own mobile device may be inadvertently opening up their employer’s network to their compromised endpoint.

To help both employers and their employees keep their mobile devices protected, here are some tips to ensure mobile shopping doesn’t affect enterprise security.

Beware of adware -- it isn’t only a shopping annoyance

Professionals shouldn’t be lulled into a false sense of security when they stumble across Adware via unfamiliar mobile sites they are trying to shop on as they court the lowest prices.

Potentially Unwanted Programs (PUPs) continue to be the largest group of threats prevented by Morphisec, representing 40% of all attacks.

Don’t update mobile applications in a festive rush

It’s easy for us all to go through the motions of installing and updating applications on our phones, but how often do we read the app permissions? If you need to install an app, check what it is gaining access to.

This can help you try and identify if the application will invade your privacy or if it's malicious.

Lookout reports that man-in-the-middle attacks affected about 0.8% of enterprise devices. Luckily, Android’s Google Play app store automatically comes with Google Play Protect, which guards users against potentially harmful apps (PHAs) with daily scans.

According to the Android Security 2017 Year in Review report, the annual average of a user-downloaded PHA from Google Play was 0.02%, making it 50% lower than in 2016.

Don’t share a Wi-Fi network with unwanted holiday guests

If you don’t have an unlimited data plan, it’s almost second-nature to just connect to whatever Wi-Fi is available.

Free Wi-Fi hotspots don’t require authentication, which helps hackers gain access to all of the unsecured devices connected to it.

The next time you connect to a public Wi-Fi, use a VPN service to ward the hackers off.

Last year, there were 1,579 data breaches, which exposed nearly 179 million records.

We’re entering the fraud-filled holiday season, and it’s critical everyone does their part to help prevent a cyber attack.

In general, work-issued mobile devices should only be used for work; however, if the time comes where you need to place an order on your phone, be sure to take every precaution possible to keep you and your organisation safe.

How big data can revolutionise NZ’s hospitals
Miya Precision is being used across 17 wards and the emergency department at Palmerston North Hospital.
Time's up, tax dodgers: Multinational tech firms may soon pay their dues
Multinational tech and digital services firms may no longer have a free tax pass to operate in New Zealand. 
Spark’s new IoT network reaches 98% of New Zealand
Spark is the first company to confirm the nationwide completion of a Cat-M1 network in New Zealand.
WhatsApp users warned to change voicemail PINs
Attackers are allegedly gaining access to users’ WhatsApp accounts by using the default voicemail PIN to access voice authentication codes.
Robots to the fore – Key insights for New Zealand Business into RPA in 2019
From making artificial intelligence a business reality to closer ties to human colleagues, robotic process automation is gearing up for a strong 2019.
50 million tonnes of e-waste: IT faces sustainability challenges
“Through This is IT, we want to help people better understand the problem of today’s linear “take, make, dispose” thinking around IT products and its effects like e-waste, pollution and climate change."
Vocus & Vodafone unbundle NZ's fibre network
“Unbundling fibre will provide retail service providers with a flexible future-proofed platform regardless of what tomorrow brings."
IDC: A/NZ second highest APAC IoT spenders per capita
New IDC forecast expects the Internet of Things spending in Asia/Pacific excluding Japan to reach US$381.8 Billion by 2022.