Employees use their smartphones as a key tool for accessing information during a work day – especially when outside the office and traveling on business. While smartphones, tablets, laptops and other devices may increase productivity by facilitating work flow and communications, a wireless mobile device and related data may be exploited by cybercriminals, and this risk increases significantly when overseas. Organizations can help manage the risk of compromising confidential information, intellectual property, and other sensitive data by adopting safeguards for personnel travelling in other countries.
Some destinations outside the United States tend to host far more mobile device attacks than others due to less secure cellular networks, elevated levels of corporate corruption, and authoritarian legal regimes. Kaspersky Lab, a digital security service, annually measures the countries with the most attacks on mobile users. They noted that in 2015, the top 10 countries for mobile attacks were China, Nigeria, Syria, Malaysia, Ivory Coast, Vietnam, Iran, Russia, Indonesia, and Ukraine. This list of top offenders, however, should not cause organizations to be complacent about travel in other countries – data theft happens in cities throughout the world. Kaspersky Lab reported earlier this year that malware targeting users of mobile devices grew more than three times between 2014 and 2015.
The most dangerous threats in 2015 were ransomware, malware capable of obtaining unlimited rights to an infected device, and data stealers such as financial malware. Attacks might arise by intercepting cellular signals using network vulnerabilities, such as the SS7 global network, or by using software downloaded through a mobile application. Once access to a mobile device is obtained, criminals can make and record calls, delete call logs, intercept text messages, download data stored on the device, record audio and video using the phone as a remotely operated camera and microphone, and access email accounts. This creates the risk of compromising ongoing negotiations, insider information, financial data, intellectual property, and personal information, as well as other documents and data that move through or reside on the mobile device.
Fortunately, employing safeguards can help minimize the risk that a mobile device will become an unauthorized gateway to an organization’s sensitive information including the following:
- If overseas business travel is frequent – and to areas where there is a heightened risk of cybercrime – consider using a dedicated mobile device with minimal stored data that can be wiped clean at the end of the trip.
- Use industry standard encryption protocols for files stored on mobile devices containing especially sensitive information.
- Be especially cautious when using public wireless networks at airports, hotel business centers, and other locations despite their convenience.
- Use caution when storing or transmitting sensitive data through the mobile device while travelling and backup the data before travelling.
- Educate personnel to avoid downloading mobile applications while overseas if the device will be connected to the organization’s network.
While there are other precautions that might be considered, these safeguards are a good starting point together with training personnel (and others) to help any organization reduce its risk of compromising sensitive communications, as well as avoid potential costly risk mitigation, security breach notices, and associated litigation if an incident should occur.