Mobile hacking prevention: 3 ways C-level executives can protect their data
Members of the C-suite aren’t just tasked with making hacking prevention decisions — they’re walking security risks. An eSecurity Planet study reveals executives are most at risk for mobile hacking attacks. The same report revealed 93 percent of members of the C-suite are concerned about the security threats faced by their increasingly mobile workforce. Implementing the right approach to mobile security needs to start at the top to ensure the organization’s sensitive data is protected from both technical and social engineering-based threats.
The C-level: A hacker’s dream target
Nearly one-third (32.5 percent) of CEOs’ mobile devices were subjects of attempted security attacks in a recent quarter, with 22.5 percent of those devices experiencing infection by medium- to high-severity malware, according to Skycure. Executives aren’t blind to mobile security risks, but cybercriminals understand decision-makers represent a potential payload of sensitive data.
Though executives may be statistically more likely than the average employee to engage in basic security protocols, C-level mobile devices are nearly guaranteed to be loaded with valuable data, including CRM apps, sensitive documents, accounting data and mobile banking information.
As mobile security risks increase, executives know their smartphone is the weakest link. Forty-five percent of executives believe mobile devices are the greatest risk in their company networks, according to a C-level survey by Harvard Business Review. Remaining cautious and exercising safe habits should involve a mixture of behavioral adaptation and smart technologies, as well as committing to modeling appropriately risk-averse behaviors from the top.
1. Avoid using shadow IT
Today’s executives are too often fearful of the risks associated with shadow IT, which is defined as technology implemented without the consent or approval of the IT department. However, many rely on it for their mobile work. One recent study indicated that 91 percent of CEOs worry about how unapproved cloud applications and devices will affect their organizations, while 75 percent admit to using unauthorized technology, according to Dark Reading.
Though the use of personally owned mobile technology or unauthorized apps may give the impression of heightened productivity, it’s a technical and cultural security risk no organization can afford to absorb. Executives should work to separate work and personal devices and data, while understanding the risks of sharing devices that contain potentially sensitive data — even with members of their own households.
2. Safeguard sensitive data
According to Harvard Business Review, the vast majority of mobile security breaches occur as the result of human mistakes. Even executives may lose or misplace mobile devices or fail to engage their knowledge of security best practices. Though using smart behaviors is crucial, implementing technical safeguards around sensitive data can enable the busiest executives to avoid excessive exposure or protect crucial information in case a device is lost or stolen. The following are some ways technology can be used for smarter, more proactive management of mobile security best practices:
- Using file-level encryption to protect email, network data and mobile applications
- Managing mobile applications, including blocking and permitting various apps and permissions
- Adopting containerization or surrounding sensitive apps and data with increased security
3. Understand social engineering risks
Executives face an increased risk of whaling attacks, defined as phishing attacks that target C-level executives and other individuals with access to sensitive data, such as HR or finance leaders. Whaling is a multibillion-dollar industry that’s experienced 270 percent growth since 2015, according to the FBI. Social engineering-savvy cybercriminals mine open-source information pools such as Facebook and LinkedIn and may spend months crafting convincing emails from spoofed URLs to entice executives into releasing sensitive data. As executives engage with colleagues through mobile, security best practices such as multi-level authentication and good old-fashioned phone verification of requests from colleagues are crucial to avoid becoming a human gatekeeper to a company data breach.
Securing your organization’s sensitive data while mobile
Executives aren’t just tasked with spearheading information security initiatives for hacking prevention throughout their organization — as the individuals most at risk of being targeted by cybercriminals, they’re responsible for adopting the cautious behaviors and cutting-edge technical safeguards needed throughout their organizations. With an awareness of risks and the adoption of technical and behavioral best practices, they can avoid being harpooned by malicious hackers.