The ABCs of Mobile Device Management – Always Be Cautious
Given the importance of cellphones — and in particular, smartphones — in both our work and personal lives, these devices can formally be considered ubiquitous. (In the U.S., 82.21 percent of the population was using a smartphone as of 2021.)
Unfortunately, their popularity makes them a prime target for hackers. Even when users are warned to be cautious about the sites they visit on their devices, they can still be tricked. How? It’s more difficult to recognize a spoofed or hacked site on a small screen.
Cybercriminals know this, and they take advantage of it. In fact, phishing scams such as smishing were one of the top three types of Internet scams in 2021, per the FBI’s Internet Crime Compliant Center2.
What Business Owners Can Do
As a business owner, you want to protect your firm and its assets. You also have a vested interest in keeping your personnel from become victims of cybercrime. While you cannot prevent them from making foolish mistakes on their personal cellphones, you can control what they do on their business devices.
At Carmichael Consulting Solutions, we recommend an approach called Mobile Device Management (MDM). Some of the services you should look for from an MDM provider follow. (Our offering includes all of these and more.)
- Implement mobile device training for personnel
- Create unique profiles for devices, whether they are company-owned devices or “bring your own device” (BYOD) phones, where workers can use their personal devices for work.
- Sync mobile devices with your Mac and/or Windows computers
- Optimally, the service should feature security services such as passcode setting and remote wipe if security is breached (BYOD devices) and managed support for company-owned devices, as well.
Anatomy of a Smishing Attack
Let’s examine how scammers use an easily recognized streaming service like Sling or Apple TV to compromise user credentials.
- A scammer starts a phishing campaign using a spoofed website. He/she sends the target a text message that reads:
“There is a problem with your current billing information. Please update it to avoid service interruption. Click here to visit our secure site.
- Having been given reassurance that the site they will be visiting is secure, the target clicks the link and is redirected to the spoofed site. (If the target is fairly technologically savvy, he or she may check and see that the site is indeed secure. That doesn’t mean it’s legitimate.)
- Once on the site, the target provides his or her information, which will include personally identifiable data and possibly even a credit card or bank number.
- The hacker cleans house.