You're probably reading this article on your mobile device, which isn't surprising given the rise of mobile computing in the workplace. While mobile computing offers many benefits, there are misconceptions about its disadvantages for businesses, particularly concerning security management.
Mobile computing does present unique challenges, especially in terms of security. Traditional in-house hardware like servers, network firewalls, and workstations are easier to physically secure with measures such as video monitoring, restricted access, and alarms. However, mobile devices lack these physical security measures.
A Pew Research Center study shows that 85% of Americans own and use smartphones. With the growing trend of remote work, BYOD (Bring Your Own Device), and COPE (Corporate-Owned, Personally Enabled) strategies, businesses are embracing mobile computing to maintain an efficient and mobile workforce. According to Statista, there were 6.648 billion smartphone users worldwide, which translates to about 83.4% of the global population.
Despite investments in mobile computing solutions like mobile device management (MDM) tools, mobile computing still poses significant threats to companies. These threats range from malware and phishing to mobile OS risks and other cybersecurity issues.
This guide will discuss the major disadvantages of mobile computing for businesses, highlighting the security and privacy challenges many organizations face today.
Phishing
Ask any organization, and they'd tell you that phishing attacks are one of the biggest disadvantages of mobile computing. Many organizations invest in web gateways, proxies, and next-gen firewalls for security. Attackers find holes in those solutions, such as attacking via an employee's personal email and texts instead of corporate email.
In 2018, Amazon chairman Jeff Bezos had his mobile phone hacked after receiving a malicious video file in a WhatsApp message. A large amount of data was copied from his device.
Hackers can use social engineering to research users they would like to attack — looking for key attributes like the company where they work, job status, recent posts, and updates. This approach is sometimes called spear phishing. The information obtained reveals entry points for hackers to gain users' trust, usually through email or other social posts and messaging.
They aim to get the user to share sensitive company data and information. While technology plays an important role to help proactively secure devices and users, the danger of social engineering is that it relies on human error, allowing a bad actor to infiltrate through phishing sites and malicious applications.
Phishing sites are often URLs opened from a link. These malicious URLs often look similar to an authentic site to trick users into thinking they are on the legitimate site.
Phishing attackers use:
- Email, both corporate and personal.
- Text or a message from similar applications like Facebook Messenger, WhatsApp, and iMessage.
- Social platforms like LinkedIn, Facebook, Twitter, and Instagram.
Malicious Applications
One of the biggest disadvantages of mobile computing is malicious applications. Malicious apps are designed to collect personal and corporate information and transmit it to third parties.
Companies can invest in MDM as a first line of defense against malicious apps. A properly managed device greatly reduces the potential for potential harmful app (PHA) installation.
According to Google's Android Ecosystem Security Transparency Report, for devices that are properly configured with MDM policies such as blocking installation of unknown applications, PHA can drop to .004%. The same goes for iOS; leveraging proper MDM configurations and DLP policies can greatly reduce the chance for rogue applications to exploit the device and OS.
Organizations can supplement mobile device management with an MTD tool for more advanced protection in real-time. MTD software detects and combats malicious behavior from an app or a zero-day attack, wherein hackers exploit a vulnerability in legitimate software before the vendor can patch it. MTD tools quarantine or disconnect the device to minimize the attack's effects.
Additionally, companies should develop a mobile device security policy so that users understand the importance of device security and how to use a device that accesses corporate data.
These policies must account for all sorts of factors that users and IT admins could encounter during their workday. Include acceptable use policies, device ownership guidelines, mobile update strategy, extensions of existing security policies, and more. IT admins can enforce this policy through a combination of tools and platforms such as MTD, MDM, and enterprise mobility management (EMM), and soft management methods such as end-user training and documentation.
Application Vulnerabilities
Another disadvantage of the mobile computing device environment is the apps loaded on it. Each application can contain a vulnerability that is susceptible to exploitation. The apps on the mobile device can pose various disadvantages including:
- Incorrect permission settings that allow access to controlled functions such as the camera or GPS.
- Exposed internal communications protocols that pass messages internally within the device to itself or other applications.
- Potentially dangerous functionality that accesses the resources or the user’s personal information via internal program data calls or hard-coded instructions.
- Application collusion — where two or more applications pass information to each other to increase the capabilities of one or both applications.
- Obfuscation, where functionality or processing capabilities are hidden or obscured from the user.
- Excessive power consumption of applications running continuously in the background, draining the battery; thereby reducing system availability.
- Traditional software vulnerabilities such as insufficient editing of data entered, Structured Query Language (SQL) query exploitation, and poor programming practices.
- Privacy weaknesses in configuration settings that allow access to the application’s sensitive information (e.g., contacts, calendar information, user tasks, personal reminders, photographs, Bluetooth access).
Risky Device Configuration
Mobile devices are usually run with administrator rights and rarely use anti-malware protection, particularly in the case of consumer devices permitted for company use such as in a Bring Your Own Device (BYOD) arrangement.
Additionally, stored data may be unencrypted, particularly on external micro-SD cards, which can put information at risk even with controls such as password requirements or biometric readers.
Mobile device management solutions can help centralize and enforce security controls on these devices, but they are not without certain limitations and challenges. At the very least, it's recommended that organizations enforce strong passwords and storage encryption on mobile devices.
Malicious Wi-Fi networks
Wi-Fi networks, offered by malicious individuals, require the use of a portal that asks users to sign in with a Google or Facebook account which then provides them access to the user credentials involved. Since many employees employ the same passwords across multiple apps, this can result in a serious series of data breaches.
A particularly hazardous variation of this threat involves these malicious networks being set up next to financial institutions and asking users to sign in with their bank username/password to gain Internet access.
FAQs
Q1. What are the major issues of mobile computing?
Mobile computing disadvantages exist in the device itself, the wireless connection, a user’s personal practices, the organization’s infrastructure, and wireless peripherals (e.g., printers, keyboard, mouse), which contain software, an OS, and a data storage device.
If not secured by encryption, wireless networks often pass sensitive information in the clear that can harm individuals and/or organizations. Unintentionally released sensitive data can not only affect the organization’s reputation and the lives of those affected, but it can also be the cause of legal action.
Q2. What are the advantages of mobile devices?
There’s no denying it. Mobile devices are pivotal in our daily lives. A staggering five billion people now own mobile devices around the world.
From scrolling through social media to taking pictures, listening to music, doing shopping, checking the news or weather, navigating somewhere new, bingeing movies on Netflix, setting alarms, tracking diets, updating calendars, sending and responding to emails, phoning loved ones, booking ourselves an Uber… the advantages of mobile devices is endless!
Q3. What are the disadvantages of mobile technology?
Disadvantages of mobile technology for businesses include:
- Costs: New technologies and devices are often costly to purchase and require ongoing maintenance and upkeep.
- Workplace distractions: As the range of technologies and devices increases, so does the potential for them to disrupt productivity and workflow in the business.
- Additional training needs: Employees may need instructions and training on how to use new technology.
- Increased IT security needs: Portable devices are vulnerable to security risks, especially if they contain sensitive or critical business data.
If your business is using mobile computing, you should take measures to ensure that your devices and the data they access, remain safe.