It has been a few years since global enterprise reached the point where more business work was done on mobile devices than on desktop computers. Microsoft estimates that mobile devices account for nearly 80% of the overall enterprise workload.

This means that, by a very wide margin, most of the work is being performed on the most vulnerable devices. Nothing scary there, right? As of 2022, mobile malware attacks have impacted 36.5% of all organizations.

Cyber crime is a war that never ends. Let’s say that you are heading into a war zone, and you’re given a choice of two vehicles to drive: A fully armored Humvee or a fully open dune buggy. Which would you choose? In this scenario, mobile devices are the dune buggy.

What is the answer? Should you attempt to go back to the era when all work was performed on office computers? No – that toothpaste is already out of the tube. In every area of our lives, we negotiate through risk management. You can be killed in a second on any one of our freeways, yet they are always packed – it’s a manageable risk.

How do you mitigate mobile security threats?

First, identify them.

The 7 most prevalent mobile Cybersecurity threats and how to mitigate them:

1) Data Leakage

This is the siphoning off of your information – both personal and corporate, and can happen anywhere you go, either online (Google Chrome is infamous for this) or through the use of malicious apps.

The way to avoid leakage is to change your browser settings to the highest security – do not allow any data to be saved. Also, only download apps from official app stores, and ONLY grant the permissions that are necessary to run the app – for example, Lyft or Uber DO NOT need access to your microphone.

2) Network Spoofing

This is where hackers put up fake (spoofed) networks in areas that offer ‘free Wi-Fi’. To access, you may need to create an account using your email and a password. In a world where the #1 most common password is ‘123456’, this represents easy pickings for hackers to roam free through the user’s various accounts and take what they will.

To thwart this threat, never give up personal information, and if you need to create a login, use a truly unique password and store it in a Password Manager like Last Pass.

3) Phishing Attacks

These are pernicious and ever-present threats delivered through email, whether on a desktop or mobile device. They present a ‘convincing’ email that appears to be from a trusted source (such as a clickable ‘FedEx’ tracking link) and entice you to click on a malicious link or attachment.

The answer to this is to educate yourself and stay alert. If something doesn’t look right, don’t click anything – check the URL of links or use your browser to go to the website – NOT the provided link. Be suspicious.

4) Unsecured Wi-Fi

Similar to ‘Network Spoofing’ above, any free Wi-Fi is typically unsecured. Hackers pull their car up next to a Starbucks and look through the users on the Wi-Fi inside to see what’s worth stealing. In the UK, Helsinki-based F-secure performed a test for three well-known politicians who acknowledged using free Wi-Fi. From a fake hotspot F-Secure set up, each of the three was then easily hacked in the ‘white-hat’ attack, commandeering accounts like email, facebook, Pay-Pal, and in one case, they listened to a VoIP phone call one made from his hotel room.

Protect yourself by installing a VPN (Virtual Private Network) if you can’t avoid using public Wi-Fi networks.

5) Broken Cryptography

This is usually the responsibility of app developers who either fail to implement proper encryption or use weak encryption to save time and meet a development deadline.

Because the issue is deeply embedded within the app, there is little recourse but to switch apps if a problem appears, and demand better from app developers.

6) Improper Session Handling

Many  apps use ‘tokens’ to make mobile transactions easier, allowing the same token to be used for multiple transactions. Improper session handling happens when the apps unintentionally leave tokens in vulnerable places, allowing hackers to access them. Secure apps generate a new token for each application.

The best way to avoid this is to close the session when you’re finished – just log out. How many of us stay logged into frequently used sites? Too many.

7) Spyware

Spyware can enter unseen through malware, or even be installed by spouses and employers to keep an eye on where you’re going and what you’re doing – also known as Stalkerware.

Using a comprehensive AntiVirus (AV) and malware detection program will scan for these unwanted Peeping Toms and allow for deletion.

Frequently Asked Questions

Q: What are the types of mobile device security?

A:  TechTarget provides an explanation of the following four types HERE.

Standard Signature file AntiVirus
Hybrid AI cloud security
Intermedia cloud approach
Mobile behavioral Analysis

Q: What is a VPN in simple terms?

A:A Virtual Private Network (VPN) hides your data and IP address when online, allowing you to remain anonymous.

Q: Which is better a paid or free VPN?

A:  How much aggravation can you tolerate? Cybersecurity is stronger with paid, and a free VPN provides low grade performance. The connection speed is slower, which will make internet browsing tedious and frustrating. Die-hard gamers shouldn’t even consider a free VPN.

A paid VPN typically gives you the highest level of Cybersecurity with automatic updates and security. You can give a free VPN a try, and since most Premium VPN providers offer a FREE trial, try that and compare and weigh the cost and convenience.

Q: Where is security on my phone?

A: Pull down the notification bar and tap the gear icon to open Settings – tap ‘security & location’.

Q: What happens when you secure your device?

A:  It locks your phone with your PIN, pattern, or password.

How secure is your network?

As a reputable member of the IT Support Los Angeles community since 2002, IT Support LA offers a FREE, no-risk network and security assessment. It is a non-intrusive scan that allows us to deliver a comprehensive report that is yours to keep. No strings, and no obligation to ever use our Managed IT Services.

The best defense is the best Cybersecurity to protect your data from theft, and a top-notch Managed IT Services firm to ensure continued reliability and defenses against newly emerging threats.

With our 100% Money Back Guarantee in writing, we offer a risk-free way for prospective clients to try us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.

Among the Managed IT services we provide:

IT HelpDesk Service
Onsite IT Support
Cloud migration and management
Email migration services
Backup and disaster recovery
VoIP phone systems
IT disposition and recycling
Office moves
White label services (IT to IT)

For more information, or to receive your FREE no-risk network and security assessment, just fill out the form on this page or call us at: