As part of our ongoing examination of new cyber threats, this blog has focused on mobile device vulnerability. We’ve highlighted growing mobile threats in "The Mobile Future & Why You'll Need E&O in It" and discussed the data breaches in BitCoin wallet programs, SnapChat, and other mobile apps.
So it was no surprise to us when news reports surfaced earlier this week about hackers taking advantage of the Flappy Birds craze.
After Doug Ngyuen, the creator of the wildly successful but short-lived game, removed the mobile app from marketplaces, people were desperate to keep (or start) playing. Smelling blood in the water, hackers created apps that looked like Flappy Birds but that actually contained malware.
Needless to say, downloads took off lickety-split and viruses spread.
Of course, none of this should be surprising. Hackers are ingenious when it comes to disguising their malware. Frequently, they target the most popular searches and web trends, creating spoof websites or apps that lure naive users.
Unfortunately, because employees use mobile devices for both personal and work tasks, mobile malware can pose serious threats to a small business's cyber security.
Mobile Risk Management: Understanding the Client and Consultant Relationship
As an IT professional, your cyber liabilities are twofold. First, you must protect your own business and second, you have to guard clients from cyber attacks.
Protecting yourself is easier than protecting clients, simply because you probably understand the data security risks better than they do.
You can install top-of-the-line security software for your clients, but one simple mistake (e.g., failing to install a software patch, not updating passwords regularly, leaving their computer unlocked, etc.) can enable a massive data breach. (We discussed how a simple employee error actually led to the Target data breach in our article "Don't Let Employees Cause Your Next Breach").
Depending on the details of a breach, you can actually be held liable for a data breach caused by a client's mistake. That's because IT professionals can be held liable for "omissions.” That’s right – you can be held legally responsible for things you don’t do. A client can claim that you should have warned them or taught them how to avoid data security pitfalls. For this reason, you'll need to teach clients to use their devices securely.
Educate Clients to Avoid Mobile Malware Disasters
Whether you're a systems administrator, app developer, IT consultant, or other freelancer, part of your responsibility will be to educate your clients. Here are some tips to pass on to improve client security on laptops, tablets, smart phones, and phablets.
- If possible, don't keep company data stored on mobile devices.
- Turn encryption settings on for all devices, especially laptops that might have customer data or other private information.
- Use unique passwords, especially for work-related accounts.
- Don't use unsecure Wi-Fi.
- Only download apps from standard marketplaces and make sure they are reviewed, and (if possible) certified or recommended.
By their nature, mobile devices are less secure than desktops. Employees carry them wherever they go and tend to use them on multiple networks (often outside your firewall). Because of this, you'll need to teach clients to put these protocols in place to limit any damage if the device is lost or hacked.
Teaching clients about mobile device security can reduce your risk of a lawsuit, but it can never eliminate that risk. Data breaches still happen. Client disputes occur. As hackers start to peddle more advanced malware and take advantage of mobile risk, many IT professionals cover their commercial liabilities with E&O and Omissions Insurance, which will pay for data breach lawsuits and other professional disputes.
For more tips on preventing client-side data breaches, make sure to read "Client Education Resources for Fighting Data Breaches."
