The Smart Service Dispatch


January 24, 2021

 

Field Service Technician Mobile Device and Phone Security Considerations

Outside threats imperil your company devices at all times. Use these tips to stay safe.

Mobile devices are the most critical equipment your field service business uses, outside of your trucks. These devices communicate your job data, job scheduling, and other significant business data throughout the day. Do NOT make the mistake of assuming they are secure just because they are mobile devices built by reputable manufacturers.

Mobile Device Security Risks and Security Breaches are Growing

  • 43% of Android apps and 38% of iOS apps contain high-risk vulnerabilities. [1]
  • One in three organizations surveyed by a 2019 Verizon study admitted suffering a mobile device security compromise. [2]
  • High-risk apps are installed on one out of every 36 mobile devices. [3]
  • New mobile malware variants increased by 28% in 2018. [4]
  • Third-party app stores host 99.9% of known mobile malware. [4]
  • Android devices are targeted much more than iOS, accounting for 98% of mobile malware. [4]
  • iOS is not totally immune. Recently, many popular Chinese Apple Store apps were infected with a malware called XcodeGhost that could perform a variety of nefarious activities on a user’s iPhone. [5]

Where do threats to field service technician mobile devices come from? How can field service businesses defend against them? Let’s review.

Malware

Malicious software programs, known as malware, are one of the most common threats to your technicians’ mobile devices. Apple devices are not immune, but Android devices are by far the most likely to get infected with malware. In fact, Google reported in 2019 that millions of new budget Android devices actually came with a sophisticated Trojan virus pre-installed. [6]

Download apps only from official app stores. Fake apps, such as a fake Netflix app, are available on third-party Android app stores and look like the real thing. Attempting to open one causes the icon to disappear as if the app had been uninstalled, while a Trojan virus takes hold and allows hackers to remotely control the device. [7]

When downloading apps from official stores, read the reviews first. Some apps infected with malware have passed official store review and are available for download, including apps on the Apple app store. [8]

Use a well-known, trustworthy anti-malware program for Android. The best options include Bitdefender, Norton, Avast, McAfee, and Kaspersky, among others. Google Play Protect is, unfortunately, unreliable; use something else. [9] Tests indicate the best anti-malware apps are paid, but some free apps are good too. [9]

Unsecured Wi-Fi Connections

Free, public Wi-Fi is tempting, but it is also dangerous. Public Wi-Fi is commonly unsecured for easy connectivity. Unsecured Wi-Fi communication can be easily monitored and examined by hackers.  

Even more dangerous are fake public Wi-Fi access points. These may be named something like “Free Airport Wi-Fi” or “McDonalds Customer Wi-Fi”. When users connect, they may be routed to the internet normally, except that all of their internet communications are being examined by hackers. Even worse, they may be routed to legitimate social media and banking websites while the hackers use “man-in-the-middle” technology to steal user names and passwords, as well as sensitive data from the site visited. [10]

Avoid free Wi-Fi as much as possible and never use it to access personal information sites (like banking or social media).

Smishing and Smishermen

Using fraudulent text messages to practice phishing is known as smishing, and the perpetrators of this action are known as smishermen. This is the mobile equivalent of phishing emails, but many field service technicians are less attuned to text message threats than they are to email threats. [11]

These deceptive texts masquerade as legitimate communications to trick unwary users into divulging personal information and passwords. Some may install malware when the user is tricked into installing what seems like a legitimate app. [11] The message may appear to be from your bank, or it may appear to be from UPS or FedEx with package tracking information. Unlike malware, which predominantly targets Android devices, smishing is an equal-opportunity, cross-platform threat that attacks both iOS and Android devices. [11]

Take the time to think about the content of unexpected text messages and be just as suspicious of them as you would be of an unexpected email. Do not click on any unexpected links or install any unexpected app suggestions.

Avoid BYOD (Bring Your Own Device) When Possible

The ability of field service businesses to allow field service technicians to use their own personal devices represents a tempting savings for business owners. Unfortunately, this strategy also exposes your business to additional risks.  

Your employees use their personal devices to install any number of unknown apps for their own, personal use. They use them when they go on vacation, travel through airports, and use public Wi-Fi. They use them to respond to personal text messages and exchange personal email. These personal activities increase the risk their personal device will become infected and your business data on the same device will become compromised. Malware infections may spread to your business the next time they connect to your company Wi-Fi.  

If your field service business can afford to purchase and manage mobile devices for your field service technicians, you can control what apps get installed, prohibit using the devices for personal reasons, and more easily enforce security policies.

Strictly Prohibit Jailbroken iPhones/iPads or Rooted Android Devices

Are any of your field service technicians tech-savvy computer hobbyists by night? If so, watch out! Jailbreaking is a term that applies to Apple devices and rooting is a term that applies to Android devices. Both are essentially the same thing. Jailbreaking or rooting a device allows the user a new, wild kind of freedom. They can install pirated games or apps without restriction. They can install applications that give them all kinds of administrative flexibility they normally wouldn’t have. One example, Titanium Backup, is a popular app that requires rooting an Android device. Titanium Backup gives the user the ability to easily transfer data from an old device to a new one, or to restore older versions of an app if they don’t like the new version. [12]

Jailbroken or rooted devices open up a Pandora’s box of new security risks.  

  1. Any malware app can do anything it pleases. [12]
  2. Apps written for jailbroken/rooted devices are usually developed by small amateur groups with sloppy coding practices. [12]
  3. Jailbreaking makes an iPhone remotely controllable. [12]

If you implement Bring Your Own Device, make sure your field service technicians know that the use of jailbroken or rooted devices is strictly prohibited.

Summing It All Up

  1. Be aware that threats to field technician mobile devices are growing rapidly and your field service business is always at risk.
  2. Use only official app stores and read the reviews first.
  3. Use a well-known, trustworthy anti-malware program for Android devices. Paid versions are best.
  4. Avoid using unsecured Wi-Fi and never use it to exchange sensitive information.
  5. Be as suspicious of unexpected text messages as you would of unexpected emails.
  6. If you can afford it, use only company-owned devices for field dispatch software apps.
  7. Strictly prohibit the use of jailbroken or rooted devices.
  8. Educate your field service technicians about mobile device threats and safer practices.

References:

[1] https://www.ptsecurity.com/ww-en/analytics/mobile-application-security-threats-and-vulnerabilities-2019/

[2] https://www.csoonline.com/article/3353560/one-in-three-organizations-suffered-data-breaches-due-to-mobile-devices.html

[3] https://www.varonis.com/blog/cybersecurity-statistics/

[4] https://purplesec.us/resources/cyber-security-statistics/

[5] https://us.norton.com/internetsecurity-emerging-threats-ios-malware-xcodeghost-infects-millions-of-apple-store-customers.html

[6] https://iconicit.com/cybersecurity-tips/protect-your-business-from-these-4-mobile-security-threats/

[7] https://www.spadetechnology.com/the-dangers-of-third-party-app-stores/

[8] https://threatpost.com/click-fraud-malware-apple-app-store/149496/

[9] https://www.tomsguide.com/best-picks/best-android-antivirus

[10] https://blog.envisionitsolutions.com/computer-security-and-fake-wi-fi-hotspots-a-criminals-tool-to-steal-from-you

[11] https://usa.kaspersky.com/resource-center/threats/what-is-smishing-and-how-to-defend-against-it

[12] https://www.kaspersky.com/blog/rooting-and-jailbreaking/1979/