In recent years, companies are adopting new policies that encourage employees to bring their own devices (BYOD) to the workplace, including smartphones, tablets and laptops to access corporate networks, confidential documents and important data. If these devices are lack of protection, it is undoubtedly opening the door for hackers and increasing corporate network security threats. According to a report, 60% of cyberattacks come from insiders, and 75% are identified as maliciousness, while a quarter of them are from unintentional employees. Thus insider threats cannot be ignored.
In 2018 Mobile Device Safety Report, 81% of companies said they had experienced WiFi-related security incidents, with 62% occurred in cafés. Nowadays, free public WiFi is available in many places. Mobile working increases the opportunity of employees connecting to these WiFi and vulnerable to a “man-in-the-middle attack”. The hacker may disguise itself by naming the WiFi hotspot to a name similar to nearby stores or companies. While connecting to an insecure and unencrypted network, the data in the mobile devices may have been leaked. It may include personal data such as credit card numbers, date of birth, address, and even passwords. Apart from intercepting data easily, a hacker is more likely to intercept ongoing communication passing between the employee (sender) and receiver, pretend as the receiver to get more personal data. Since the “man-in-the-middle attack” invades the network device without installing any malware, there is no trace and hard to prevent.
If you don't want to fall into a hacker’s trap and cause leakage of company or personal data, you should avoid using public WiFi. If there is really a need, you can protect your data with some simple steps.
Firstly, use a virtual private network (VPN) from a trusted service provider, especially when accessing corporate network, and establish a safe connection by transmitting encrypted data through a "secure tunnel". Secondly, when there is a need to enter sensitive data, select a website with HTTPS protocol authentication to prevent data from being stolen. Thirdly, update antivirus software from time to time to block suspicious traffic and malware.
In addition to strengthen security measurement for personal data, companies should also control access to information in accordance with the “need-to-know” principle, allowing target users to access designated materials by using passwords or tokens to protect company information.
As the saying goes, “virtue is one foot tall, the devil ten foot ". Enterprises should make good use of technology, develop a comprehensive InfoSec policy, improve the security awareness of employees using mobile devices, and safeguard network security.
If you would like to learn more about the topic, please leave us your information and we will contact you shortly.
You are about to visit our website.