Story image

Is mobile shopping compromising your enterprise security?

06 Dec 2018

Article by Morphisec VP Tom Bain

Just as online shopping took over for in-store shopping during the last decade, shopping on mobile devices is poised to overtake shopping on non-mobile devices in the years to come.

Early data on online shopping this holiday season illustrates the trend.

According to Salesforce, a record number of orders were placed on smartphones on Thanksgiving (54%), and mobile devices created 68% of all retail site traffic, and between Black Friday and Cyber Monday, mobile shopping sales exceeded $4 billion.

With mobile shopping becoming the preferred method for consumers to work through their holiday gift lists, it’s no surprise that people are turning to their work-issued mobile devices as well to help place their orders.

The Morphisec: Holiday Impact on Enterprise Security Survey recently found that nearly half of employees will use a work-issued computer or mobile device for online shopping this holiday season.

This can be hazardous to the cybersecurity of their employers.

When employees choose to use work-issued devices and corporate network resources (WiFi) to do their holiday shopping online, security teams have a challenge with the surge in browsing and online transactions.

This time of year features a substantially higher bandwidth and resource consumption rate, both inside organisations and outside, as professionals surf and shop online.

The reliance on mobile devices for shopping even poses a risk to enterprise security when employees stick with using their own iPhones.

More than 47% of employees will use their personal devices for work-related activities as they travel during the holiday season.

That means that any professional that visited a malicious site on their own mobile device may be inadvertently opening up their employer’s network to their compromised endpoint.

To help both employers and their employees keep their mobile devices protected, here are some tips to ensure mobile shopping doesn’t affect enterprise security.

Beware of adware -- it isn’t only a shopping annoyance

Professionals shouldn’t be lulled into a false sense of security when they stumble across Adware via unfamiliar mobile sites they are trying to shop on as they court the lowest prices.

Potentially Unwanted Programs (PUPs) continue to be the largest group of threats prevented by Morphisec, representing 40% of all attacks.

Don’t update mobile applications in a festive rush

It’s easy for us all to go through the motions of installing and updating applications on our phones, but how often do we read the app permissions? If you need to install an app, check what it is gaining access to.

This can help you try and identify if the application will invade your privacy or if it's malicious.

Lookout reports that man-in-the-middle attacks affected about 0.8% of enterprise devices. Luckily, Android’s Google Play app store automatically comes with Google Play Protect, which guards users against potentially harmful apps (PHAs) with daily scans.

According to the Android Security 2017 Year in Review report, the annual average of a user-downloaded PHA from Google Play was 0.02%, making it 50% lower than in 2016.

Don’t share a Wi-Fi network with unwanted holiday guests

If you don’t have an unlimited data plan, it’s almost second-nature to just connect to whatever Wi-Fi is available.

Free Wi-Fi hotspots don’t require authentication, which helps hackers gain access to all of the unsecured devices connected to it.

The next time you connect to a public Wi-Fi, use a VPN service to ward the hackers off.

Last year, there were 1,579 data breaches, which exposed nearly 179 million records.

We’re entering the fraud-filled holiday season, and it’s critical everyone does their part to help prevent a cyber attack.

In general, work-issued mobile devices should only be used for work; however, if the time comes where you need to place an order on your phone, be sure to take every precaution possible to keep you and your organisation safe.

Fake apps on Google Play scamming users out of cryptocurrency
Fake cryptocurrency apps on Google Play have been discovered to be phishing and scamming users out of cryptocurrency, according to a new report from ESET.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
SEGA turns to Palo Alto Networks for cybersecurity protection
When one of the world’s largest video game pioneers wanted to strengthen its IT defences against cyber threats, it started with firewalls and real-time threat intelligence from Palo Alto Networks.
Forrester names Trend Micro Leader in email security
TrendMicro earned the highest score for technology leadership, deployment options and cloud integration.
LogRhythm releases cloud-based SIEM solution
LogRhythm Cloud provides the same feature set and user experience as its on-prem experience.
One Identity named Leader in PAM and IAM by KuppingerCole
KuppingerCole lead analyst Anmol Singh evaluated the strengths and weaknesses of 20 solution providers in the PAM market for the report.
Healthcare environments difficult to secure - Forescout
The convergence of IT, Internet of Things (IoT) and operational technology (OT) makes it more difficult for the healthcare industry to manage a wide array of hard-to-control network security risks.
Bitglass appoints new cloud, business development leaders
The cloud security company has appointed vice presidents for worldwide channels and worldwide business development.