Today’s smartphones have replaced PCs because of their efficacy to handle complex tasks beyond just placing a call. They come with operating systems, large amounts of storage, multiple applications, wireless connectivity, etc. so much so that they appear as a ‘Mini PC’. This ‘Mini PC’ allows you to do almost everything that your regular PC handles like, editing office-suite files, browsing a classy browser, storing a lot of content and accessing files of different formats. While it can do so many wonders, practically replicating a PC, it is also prone to security threats that could be worse than that of a PC.
Mobile security is the top challenge of any organization. Mobile security threats are rapidly evolving, and they come in many forms. IT departments should be concerned about mobile device security and protect them from malware, unauthorized access, eavesdropping, theft, and many more. While everyone raises awareness of the different types of malware, mobile malware still remains to be an alien topic for many in the world.
Mobile security hazards lie in areas that are often overlooked by users and organizations. Few of the most critical security threats of a smartphone that you should be beware of are as follows:
1. Social Engineering
Even though social engineering cons can be avoided, they remain effective and troublesome on mobile phones with the same intensity as on a desktop (if not more). According to a report on email threats by Fire Eye, 91% of cybercrime starts with email and now that official and personal emails are accessed on mobile phones, your device is at greater risk to security threats. Fire Eye also added that phishing grew 65% during and beyond 2017 placing mobile users at a greater risk of falling victim to a social engineered attack. While many mobile phones display only the senders’ name, users can be easily targeted using spoof messages. 
In a study made by IBM, mobile users are three times more likely to respond to a phishing attack as it is the first place that people see their notification.  In another report of Verizon’s 2018 Data Breach Investigations Report, 15% of users who were successfully phished will be phished at least one more time within the same year. 
The line between personal messages and official messages is getting blurred with more and more people accessing work emails and messages from their personal phones.
2. Data Leakage
Data leakage is one of the most worrisome threats to organizational security. The threat is not nefarious by nature. It is a user who makes a negligent decision about what apps they share information with.
A data leakage would be an unauthorized or unintentional transfer of data from the user’s mobile device to service. When apps fail to protect the data, sensitive information becomes available to others on the same network. A research by Ponemon, as referred by IT Proportal, the average total cost of a traditional breach is more than $7 million. Wandera after considering 3.9 million requests from the mobile devices of over 500 organizations, revealed that 200 mobiles apps and websites were exposing sensitive information as well as enterprise data for a year or more.  Data leakage does not simply involve a credit card or user information it also includes email addresses or passwords for official accounts that are accessed on the mobile phone.
3. Expired or Out-of-Date Devices
Internet of Things (IoT) devices, including smartphones, tablets, and smaller devices, are posing a new risk to organizations’ security as they generally don’t guarantee current software updates. Many manufacturers are ineffective with updating their mobile device on a regular basis. They are neither designed to update the software with patches issued for various operating systems nor are they designed to receive patches for IoT devices.
Again, a strong policy goes a long way. Google’s range of Android phones is equipped to receive even the smallest of the updates and Google is trying to make apps standalone so that they can be updated instantly. 
4. Lack of Password Hygiene
Carrying phones that has both personal accounts as well as company’s sign-ins can be convenient but might just be the biggest mistake, especially if the phone is not protected with an unpredictable PIN number or screen lock.
According to a survey by LastPass analysis for 2018, nearly 50% of the people surveyed do not create different passwords for their personal and work accounts. Moreover, the average employee shared about six passwords with a co-worker during the job tenure. 
Workers want to access various apps quickly by saving their passwords on the mobile browser or by using a simple password string which is common for all. This is the biggest threat to the organization’s data.
5. Cryptojacking Attacks
Cryptojacking is a relatively new addition to the list of mobile threats. It is a type of attack where someone uses your phone to mine cryptocurrency without your knowledge. Initially, using a desktop for cryptomining was popular, but smartphone technology has attracted crypto-criminals to their simplified platform too. Skybox Security in their report on vulnerability and threat trends identified that cryptojacking has been the cause for one-third of all cyber attacks during the first half of 2018 and apparently there was 70% increase in the next half of the year. 
The effect of cryptojacking is seen mainly with poor battery life and over-heating of the device even when not used. This is mainly because someone is using your device in the background without your knowledge. Users should select devices with care and stick to the basic/required permissions while downloading or accessing apps from the official storefront.
6. Loss of Device
Physical device breaches remain to be a constant threat. If the phone does not have a strong password it becomes a major threat in the hands of the wrong person. Consider this data to analyze how critical mobile theft is  –
- About 12% of the loss of phone lead to fraudulent charges and 9% to identity theft.
- 10% of victims do not make any effort to find their phones.
- Victims end up paying around $500 to $1000 to retrieve data including photos, videos, music, or other personal details.
- 44% of thefts happen due to negligence.
- 11% of phone thefts are directly stolen from pockets, bags, or purses.
- In a reference shared by Channel Pro Network, 70 million phones are lost every year of which only 7% are traced. 
The message is simple. Mobile security is no longer just an afterthought but an absolute necessity! Security teams must consider the task of securing mobile devices along with other security measures to avoid severe security breaches.
Looking to learn how to secure mobile phones and other wireless devices?
Students looking to improve their professional or personal development without having to fulfill degree requirements are welcome to apply as non-degree students. The Non-Degree Status is designed for scholars from across the world looking to take a specific course or courses from ECCU’s Bachelors or Masters degree programs. Through the non-degree status, you can choose to attend the CIS 408 Wireless and Mobile Device Security course, from the Bachelor of Science in Cyber Security program, where you will learn the security measures that should be put in place to mitigate breaches.
Sources: https://www.fireeye.com/offers/rpt-email-threat-report.html  https://securityintelligence.com/mobile-users-3-times-more-vulnerable-to-phishing-attacks/  https://enterprise.verizon.com/resources/reports/dbir/  https://www.itproportal.com/features/mobile-data-leaks-the-hidden-dangers-to-organisations/  https://www.computerworld.com/article/3176516/android-upgrade-problem-answer.html#2  https://lp-cdn.lastpass.com/lporcamedia/document-library/lastpass/pdf/en/IAM_LastPass_SOTP_ebook.pdf  https://lp.skyboxsecurity.com/WICD-2018-07-Report-VT-Trends-MY_03Asset.html  https://www.identity-theft-awareness.com/smartphone-theft-statistics.html  https://www.channelpronetwork.com/article/mobile-device-security-startling-statistics-data-loss-and-data-breaches