Story image

Is mobile shopping compromising your enterprise security?

06 Dec 2018

Article by Morphisec VP Tom Bain

Just as online shopping took over for in-store shopping during the last decade, shopping on mobile devices is poised to overtake shopping on non-mobile devices in the years to come.

Early data on online shopping this holiday season illustrates the trend.

According to Salesforce, a record number of orders were placed on smartphones on Thanksgiving (54%), and mobile devices created 68% of all retail site traffic, and between Black Friday and Cyber Monday, mobile shopping sales exceeded $4 billion.

With mobile shopping becoming the preferred method for consumers to work through their holiday gift lists, it’s no surprise that people are turning to their work-issued mobile devices as well to help place their orders.

The Morphisec: Holiday Impact on Enterprise Security Survey recently found that nearly half of employees will use a work-issued computer or mobile device for online shopping this holiday season.

This can be hazardous to the cybersecurity of their employers.

When employees choose to use work-issued devices and corporate network resources (WiFi) to do their holiday shopping online, security teams have a challenge with the surge in browsing and online transactions.

This time of year features a substantially higher bandwidth and resource consumption rate, both inside organisations and outside, as professionals surf and shop online.

The reliance on mobile devices for shopping even poses a risk to enterprise security when employees stick with using their own iPhones.

More than 47% of employees will use their personal devices for work-related activities as they travel during the holiday season.

That means that any professional that visited a malicious site on their own mobile device may be inadvertently opening up their employer’s network to their compromised endpoint.

To help both employers and their employees keep their mobile devices protected, here are some tips to ensure mobile shopping doesn’t affect enterprise security.

Beware of adware -- it isn’t only a shopping annoyance

Professionals shouldn’t be lulled into a false sense of security when they stumble across Adware via unfamiliar mobile sites they are trying to shop on as they court the lowest prices.

Potentially Unwanted Programs (PUPs) continue to be the largest group of threats prevented by Morphisec, representing 40% of all attacks.

Don’t update mobile applications in a festive rush

It’s easy for us all to go through the motions of installing and updating applications on our phones, but how often do we read the app permissions? If you need to install an app, check what it is gaining access to.

This can help you try and identify if the application will invade your privacy or if it's malicious.

Lookout reports that man-in-the-middle attacks affected about 0.8% of enterprise devices. Luckily, Android’s Google Play app store automatically comes with Google Play Protect, which guards users against potentially harmful apps (PHAs) with daily scans.

According to the Android Security 2017 Year in Review report, the annual average of a user-downloaded PHA from Google Play was 0.02%, making it 50% lower than in 2016.

Don’t share a Wi-Fi network with unwanted holiday guests

If you don’t have an unlimited data plan, it’s almost second-nature to just connect to whatever Wi-Fi is available.

Free Wi-Fi hotspots don’t require authentication, which helps hackers gain access to all of the unsecured devices connected to it.

The next time you connect to a public Wi-Fi, use a VPN service to ward the hackers off.

Last year, there were 1,579 data breaches, which exposed nearly 179 million records.

We’re entering the fraud-filled holiday season, and it’s critical everyone does their part to help prevent a cyber attack.

In general, work-issued mobile devices should only be used for work; however, if the time comes where you need to place an order on your phone, be sure to take every precaution possible to keep you and your organisation safe.

Safety solutions startup wins ‘radical generosity’ funding
Guardian Angel Security was one of five New Zealand businesses selected by 500 women (SheEO Activators) who contributed $1100 each.
Hands-on review: The ruggedly tough CAT S61 smartphone
The driveway beckoned me, so I dropped the phone several times.  Back in the study, close examination has failed to reveal a single scratch.
How printing solutions can help save the planet
Y Soft has identified five key ways organisations can become more economical and reduce their environmental impact.
Is NZ’s tech industry starting to mature?
Technology is New Zealand’s fastest growing and third biggest industry.
How Kiwibank aims to enable greater digital inclusion
"Online tools can offer a more convenient and cheaper customer experience, but there can be barriers to usage."
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.
Inland Revenue to shut down services later this week
“There’s never an ideal time to shut down the tax system but we’re confident the changes will make any inconvenience worthwhile.”
NZ managers prefer intuition to big data, Massey study finds
Many senior managers in New Zealand businesses have an inherent distrust of big data, opting instead to rely on their own intuition.