Cybersecurity Self-Assessment Resource
What is your organization's appetite for cybersecurity risk? How is your current cybersecurity infrastructure? Use this resource to get a feel for where you are in your cybersecurity as we begin a new year.
.jpg?ext=.jpg)
Smart Phones and the Workplace in 2025
Many years ago, when social media platforms like Twitter and Facebook were still new, a story began to circulate. A woman was out running errands when a man came up to her. He asked if she was so and so, and she said something along the lines of “Do I know you?” Little did she know that she had just opened the door. The man knew much more than her name. He knew her birthday was coming up and that she probably was shopping for herself. He knew where she worked and he knew how she felt about her job. He knew that she had a beloved pet. She finally asked how he had known so much about her, and he replied that he had gathered all of that information from her social media account.
That kind of data mining was a little bit of a shocker at the time. With the presence of smart phones, an infinitely larger amount of data is now available and is often far too accessible. Those smart phones, those little data leakers, are common sights on a shop floor or in an office.
Whether you are pursuing ISO 27001 certification, CMMC certification, or just a stronger cybersecurity stance, smart phones definitely need to be part of the plan for this new year of 2025. Here are some things to keep in mind moving forward.
Social Engineering
Make sure all of your employees understand what social engineering is and how it works. This advice is essential in terms of desktop email and website usage as well as for text messages or email messages on smart phones. Whether it’s a pretty obvious phishing attempt or something that could be legitimate or might not be, everyone in a company needs to understand how to beware of dangerous emails and text messages, as well as what to do if they are unsure about a message (hint, do NOT forward the message to your IT department).
Data Leakage
Data leakage occurs when someone gains access to corporate data they should not have. Many times, this leakage occurs because of what is called an “insider threat,” meaning the damage was done from the inside, not the outside. Sometimes this can be an unhappy employee seeking revenge on the company, but often it is the result of a big accidental mistake. For example, recently there was a very large cybersecurity incident because a hacker called a corporate secretary and asked for information she did not know she should not give the caller. The secretary did not give access to the data maliciously, but the accident caused millions of dollars worth of damage.
WiFi interference
One of the quintessential images of 21st-century culture is a person sitting at a coffee shop or in a business center at a hotel typing away. After all, WiFi is available and better yet, the location has a password to make you feel safe about your connection. Unfortunately, hackers and “middle men” can learn that password just like you did – by looking at the brochure or the sign that says, “WiFi password is xyz123.” It’s easy to sip your caramel latte and open an urgent work email, or open a work text message with a link to an upcoming confidential proposal. If employees do this, they are potentially exposing critical data.
Out of date devices/OS
If your company provides smart phones for employees, the person responsible for IT management and maintenance needs to know what the expiration date for those smart phones are. After about 4-5 years, a smart phone will no longer be supported and will not get security and software updates. This puts any data on that device at risk.
Questions?
There are many other red flags to monitor where smart devices in the workplace are concerned. According to a November 2024 Pew Research study, 98% of people polled between the ages of 18-29 own a smart phone. The percentage for 37-49-year-olds is 97%. The news is clear. Your workforce likely has at least one smart phone. Perhaps they use a work smart phone as well as a personal one on site. Is your cybersecurity defense ready for the challenges smart phones represent?
Talk to us today with any questions you have, or how smart phones can impact your ISO 27001 or CMMC certification process.