One of the key problems is perception. Most users believe their mobile devices are relatively secure, so they don’t take extra time to ensure the content they receive via mobile devices is safe. They also don’t put additional security in place to help filter out threats.
On top of this, restrictions within the mobile device design mean users are more likely to click on malicious links in emails viewed on mobile devices than on laptops. Cybercriminals can easily con users into thinking a website is legitimate by using tricks like URL padding and using the small screen size to their advantage—like how little of the URL a user can see. These techniques are especially successful in the case of email-based spear phishing and spoofing attacks that attempt to mimic legitimate webpages. Furthermore, the majority of smartphones make it difficult for users to review the accuracy of emails due to the limitations in viewing multiple pages side-by-side and navigating between pages and apps. For example, users don’t always have full visibility to email headers and email sources at first glance.
According to Verizon’s research, the biggest driver making users more susceptible to threats via mobile devices is, in fact, the way in which they interact and use their devices. While the ease and speed with which users can accept, reply to, and send email is highly efficient and user friendly, it also opens the door for threats to creep in. For example, we all use our devices while doing other activities like walking, talking, and consuming other media. We are not always paying careful attention to incoming information, which means we don’t always take the time to review requests thoroughly and can be too quick to respond.
But what can we do? The use of mobile devices—especially for work purposes—will only continue to rise.
One of the key solutions is user education. Organizations need to take this into consideration when planning their general cyberhygiene programs.
Providing ongoing education to employees so they know what to look for—including what a phishing email looks like and the damage cyberattacks can cause—is a key element to include as part of security programs. New work arrangements—such as remote work and BYOD—create urgency around training employees to think and act with security in mind.
Cyberhygiene should be embedded into an organization’s operations across all departments.
How can SolarWinds® Mail Assure help?
SolarWinds Mail Assure’s cloud-based email security helps your customers stay in control and protect their inbound and outbound email from email-borne threats. What’s more, you can get Microsoft® Office 365® add-in for greater control and visibility into email flows from the Microsoft AppSource at no additional cost—also compatible on mobile devices.
Interested to learn more about protecting your customers from email-borne threats? Get in touch with a solutions provider today.
Mia Thompson is the product marketing manager for Mail Assure at SolarWinds MSP.
Sources:
1 “Email security: the biggest problem you’re not paying attention to,” 451 Research, LLC. https://www.avanan.com/hubfs/Content/Collateral/451-Avanan-Business-Impact-Brief.pdf (Accessed December 2019).
2 “Email security: the biggest problem you’re not paying attention to,” 451 Research, LLC. https://www.avanan.com/hubfs/Content/Collateral/451-Avanan-Business-Impact-Brief.pdf (Accessed December 2019).
3 “The Cost of Cybercrime,” Ponemon Institute, LLC. https://www.accenture.com/_acnmedia/PDF-96/Accenture-2019-Cost-of-Cybercrime-Study-Final.pdf#zoom=50 (Accessed December 2019).
4 “The Cost of Cybercrime,” Ponemon Institute. https://www.accenture.com/_acnmedia/PDF-96/Accenture-2019-Cost-of-Cybercrime-Study-Final.pdf#zoom=50 (Accessed December 2019).
