This content is part of the Essential Guide: Essential guide to laptop, desktop PC and mobile device strategy

Top mobile security threats IT needs to know about

With mobile devices on the rise in the workplace, it is imperative to know the top security threats these devices bring with them, plus how to prevent breaches from happening.

Mobile devices have changed the security game, making it more important than ever for IT to understand the biggest threats out there.

When people think of IT security trends, their minds generally drift to thoughts of firewalls, security appliances, policies and threats such as malware, ransomware and Trojans. But that was security prior to the mobile takeover. Now, there are five top mobile security threats that should be on your radar.

Insecure Wi-Fi

Users take their mobile devices to coffee shops and other locations that offer free wireless, but when they connect to those free hotspots, insecure transmissions of data can occur. It is critical to help those users understand that they must either never connect to insecure Wi-Fi, or must always use a VPN when doing so.

Companies can enforce this policy through mobile device management (MDM) tools. Administrators can also use automation tools such as Tasker, so that every time a user connects to a new wireless network, the VPN automatically kicks in. Or, IT can use tools such as Android for Work, which always defaults to the VPN when users access a work profile.

Out-of-date software

The mobile user base happens to be the least educated in how systems actually work.

One of the top mobile security threats that IT often overlooks is out-of-date software. Mobile devices need their software and operating systems updated as frequently as possible, as soon as the update is available. Some smartphones contain even more sensitive data than some corporate networks -- think phone numbers, credit card numbers, locations and passwords -- so using outdated software can create security risks to that data. When using MDM, make sure to take advantage of the ability to push updates to devices.

Malicious software

IT should never let users install apps from third-party sources. Side-loading apps can lead to malicious software invading the system. These illegitimate apps can easily mine personal and corporate data, and transmit it to third parties. Games and social networking apps are always at the top of the list, and users are quick to venture beyond the protective walls of their app stores such as the Apple App Store or Google Play Store to get them.

Poor user education

The mobile user base happens to be the least educated in how systems actually work. Desktop users know not to open attachments or hand out passwords. Mobile users have tossed aside those concerns, simply because they think their smartphones are immune to such issues. But mobile platforms are more vulnerable than desktops and laptops, so users cannot take the oversimplified interfaces and ease of use for granted. Develop a clear mobile device policy, ensuring that each user understands best practices to protect data from the top mobile security threats.

Lack of authentication

Hacks on social networking sites, cloud services or online retail accounts occur mostly because of weak passwords, but attackers can crack even strong passwords. To avoid these types of authentication issues, it is crucial to implement two-factor authentication for everything possible -- including company servers. It might require users to take extra steps when logging in to their corporate accounts, but the security gained is worth it.

Mobile usage is a threat to businesses when users work without care or concern for security. It is not just on the user, but also on IT to ensure that users are educated to the risks and understand how to avoid the never-ending deluge of the top mobile security threats.

Next Steps

How mobile data leakage could unravel a company

Develop an IT security strategy with this CIO guide

Listen to this discussion on how to limit mobile security risks

Dig Deeper on Enterprise mobile security