Private smartphones represent an underestimated cyber risk for companies


Hacker attacks on large corporations are now the order of the day. Small and medium-sized companies, however, do not see themselves as affected. They underestimate cyber risks and fail to recognize internal security gaps – for example the smartphone, which is often used for both business and private purposes.

In 2014, Interpol published a study together with a security software provider showing that, between August 2013 and July 2014, over 3.4 million malware attacks on over one million Android users took place worldwide. German entrepreneurs in particular should pay attention to this report: with 93,000 attacks, Germany is one of the most affected countries.

The problem is that, especially in small and medium-sized enterprises (SMEs), employees and managers usually use private mobile devices for business purposes. Employees pose a cyber risk for the company because many neglect the cyber protection of their private cell phones.

Particularly worrying: now even phone calls can easily be tapped. Cybercriminals can immediately intercept calls via the gyroscope built into every cell phone microphone. The gyroscope serves as a sensor for image stabilization of the camera or for motion-sensitive games.

During a call, malware-infected apps can use the gyroscope to eavesdrop on the conversation. The person making the phone call does not notice that a cybercriminal is recording. Users cannot deny apps access to this sensor in the microphone.

If entrepreneurs or employees also use their private cell phone for work, company information can quickly get into the hands of criminals.

Cybercrime can quickly put a company out of business!

A loss example illustrates such a case: an employee at the management level of a medium-sized hotel uses his private smartphone during an external appointment in order to be reachable for an important customer.

A cybercriminal uses a Trojan to gain access to the hotel employee’s business email account. The Trojan got onto the employee’s cell phone when a game app was last installed – and gives the hacker access to the hotel database.

The employee's infected smartphone thus unwittingly becomes an internal cyber risk for the company. The data theft itself is usually noticed only late, namely when criminal transactions are carried out with the customers' stolen credit card data.

The damage to the medium-sized hotel business amounts to around 5,000,000 euros. In such a damage scenario, a company would quickly be on the verge of collapse without suitable cyber insurance and the associated preventive measures.

It is not mandatory for companies to take out cyber insurance. According to the Hiscox study “The DNA of an Entrepreneur” in 2014, only 5% of companies in Germany are insured against cyber risks. And this despite the fact that 38% of those surveyed are aware of the risk of data loss for their own company.

Protection is crucial!

From an expert point of view, many companies will be exposed to some form of cybercrime at some point, so it is advisable to take precautions. This works when SMEs have an experienced partner for cyber insurance.

First steps to close internal security gaps such as the use of private smartphones are:

  • Educate employees about the associated security risk for the company and make them aware of how to handle these devices carefully.
  • Change passwords at regular intervals.
  • Use only business cell phones at the executive level.

In the event of a claim, the right insurer not only ensures financial compensation, but also provides the company with IT experts and IT forensic scientists directly. The insurer helps to uncover the causes, provides advice and protects the company from long-term damage to its image.

But even before a claim occurs, insurers take appropriate preventive measures by providing customers with a contingency plan with IT experts. This significantly increases the company’s ability to survive in the first few minutes after the attack.
