Mobile phones are increasingly playing a vital role in the day-to-day running of a veterinary practice. Today, almost all tasks that can be done on a computer can also be completed on a mobile device. These devices also carry detailed information about their users, including financial data, personal information, confidential images, social security details, and location data. In the case of practice owners, details such as cloud service accounts, staff details, and, in some cases, access to clients’ accounts can also be found on their phones.
Therefore, mobile phones are a treasure trove for cybercriminals looking to gain access and cause havoc or cash in on vulnerabilities. There are many methods that cybercriminals use to compromise your mobile phone to gain access to your data. In this section, we will look at some methods that cybercriminals use to compromise mobile phones and steal data.
1. Unsecured Wifi
One of the most common ways that cybercriminals gain access to data is through their unsuspecting users using unsecured public wifi for their browsing. Cybercriminals are aware that most people would rather use public wifi than burn through their cellular data. Therefore, they set up wifi that is accessible to their potential victims.
When unsecured wifi is used, hackers are able to gain access to almost everything on your phone. If you are logged into any cloud service for your veterinary practice, hackers will be able to gain access, and this is likely to put your clients’ details at risk.
Therefore, it is advisable to avoid all public wifi at all costs. This is because there is a high likelihood that you will be using one that has been made by cybercriminals.
2. Data leakage
Mobile apps play an important role in the smartphone ecosystem. Unfortunately, they are also one of the best ways to compromise your mobile phone device. One of the ways they do this is by leaking your data to cybercriminals.
There are many ways of leaking data, with the most common one being the installation of “riskware” apps that request permission from users during installation. In most cases, these applications are found on official app stores, and when downloaded, they are able to function as advertised. However, in the background, they go through your phone and send sensitive data to remote servers for advertisements and other analytics. In some cases, this data becomes available to cybercriminals, who use it to compromise an organization.
Another method by which data leakage happens is through hostile enterprise-signed mobile apps. These are malware programs that use distribution code native to popular mobile operating systems such as Android. When this method is used, cybercriminals are able to move data across corporate networks without raising red flags.
The problem of data leakage can be addressed by limiting the number of permissions you give applications you have downloaded from the internet. It is also important to avoid storing your veterinary practice data on your personal mobile phone. If possible, you should have two smartphones, with one dedicated to work-only applications and engagements.
Earlier this year, news of Pegasus spyware swept the world after it was revealed that many world leaders had fallen victim to the program that could stay hidden on a phone while recording every phone call, text message, and email. Although the news quickly faded from our newsfeed, the threat that spyware poses has remained, and today, it is one of the most commonly used methods by cybercriminals.
When spyware is installed on your phone, there is a high likelihood of it staying hidden for months and accessing sensitive information without your knowledge. Unfortunately, some spyware, such as Pegasus, is also capable of evading any antimalware software, making their removal very difficult. This is why it is important to separate your work phone from your personal phone to avoid getting easily compromised by spyware, which can result in your veterinary practice data getting stolen.
4. Sessions Hijacking
When you log in to a website or an application, a session is created. These sessions are what allow you to access personalized information on an application or a website without being asked to re-authenticate your identity.
Unfortunately, there are instances where session data can be stolen and used to impersonate your account. Cybercriminals with such tokens are able to access every facet of the compromised application. For instance, if the application compromised is your banking application, they will be able to transact remotely using your details, and without your knowledge. The same can also apply to logged-in websites that are left unattended, allowing cybercriminals freedom to explore it and other connected parts of your veterinary practice’s network.
5. Phishing attacks
Mobile phones are the best targets for phishing attacks. This is because mobile phone users are able to track their emails and text messages in real-time and, in most cases, open them without giving a second thought about getting attacked by cybercriminals.
The mobile phone layout also makes it harder for the email receiver to verify if the email is from a genuine source, partly because you have to expand the header to read the name. Therefore, cybercriminals only need to design their emails as the people they are impersonating, without changing the names, as the chances of receivers falling victim are high.
Fortunately, phishing attacks can be prevented by being more cautious before opening emails or submitting details to logged-in websites. Veterinary practice staff can also be easily trained to avoid falling into the pitfalls of phishing attempts by cybercriminals.
Think Cyber Security is complicated & Expensive??
Download our FREE ebook “5 Simple Steps to Protecting your Practice” to learn easy cost-effective ways to start protecting your hospital!