With a new warning from Verizon about the rise of smishing, spam text messages and text scams, and the FBI reporting $10.3 billion in internet fraud last year, CISOs are increasingly concerned about mobile threats targeting employees and the impact on their organizations.
In a recent survey conducted by SlashNext, 90% of security leaders say protecting employees’ mobile devices is a top priority, but only 63% say they have the tools to adequately do it. Furthermore, security leaders don’t believe training is enough to stop phishing: 98% say that even with regular training, employees are still susceptible to phishing and other attacks.
CISOs have good reason to be concerned, especially if they have both managed and personal mobile devices in their organization. The increase in mobile phishing attacks on private messaging apps stems from cybercriminals targeting personal apps as a way to reach business systems, which has led to headline-making breaches with a big impact on businesses.
The vast majority of mobile devices have no special security protection other than the protections natively built into iOS and Android. While employers are worried about finding the right balance between protection and privacy on mobile BYOD, employees are more worried about being the target of a corporate phishing attack than surveillance on their personal devices.
The Verizon Mobile Security Index reports that 83% of organizations say mobile device threats are growing more quickly than other device threats. As organizations embrace the expanding remote workforce, it will be important to have a mobile security strategy that keeps the workforce secure from cybercriminals launching attacks on mobile devices using tactics including SMS/text phishing (smishing) and non-link-based phishing.
It will be critical to implement phishing protection that protects users without degrading the user experience and doesn’t transmit personal data, meeting the need to secure business systems while preserving employee privacy. To protect employees from smishing (SMS phishing) attacks, employers can implement the following measures:
- Employee Awareness and Training: Conduct regular security awareness and training sessions to educate employees about smishing attacks, their characteristics, and how to identify and respond to suspicious messages. Provide practical examples and best practices for handling text messages containing potential phishing attempts.
- Mobile Device Security Policies: Establish clear and comprehensive mobile device security policies that outline guidelines for using personal devices for work purposes. Include requirements for installing regular security updates, creating strong passwords, and implementing two-factor authentication on mobile devices.
- Smishing Protection and Mobile Security Tools: Employ anti-smishing and mobile security applications that can detect and block smishing attempts. These tools can analyze incoming text messages for suspicious content, URLs, or attachments, providing an added layer of protection for employees.
- Incident Response and Reporting: Establish a clear incident response plan for handling smishing incidents. Encourage employees to promptly report any suspicious text messages they receive and provide a dedicated channel or contact for reporting such incidents. Responding swiftly to reported incidents can help mitigate the impact and prevent further attacks.
By combining employee education, technology solutions, and proactive policies, employers can enhance their defenses against smishing attacks and protect employees from falling victim to such scams.
For more information on the Mobile BYOD threat landscape and protection solutions, read The Mobile BYOD Report, available at this link: /report-the-mobile-byod-security-report/