One of the most neglected facets of cybersecurity is the risks posed by smartphones and mobile devices. Most veterinary practices, for instance, have a bring your own device (BYOD) policies that are specifically geared towards personal computers while neglecting the impact that a smartphone device can have on their cyberspace.
Unfortunately, smartphones are largely unprotected against malware threats by antimalware/antivirus software. This is despite these devices being treasure troves of valuable information that most cybercriminals target when carrying out their attacks. This includes information such as email accounts, practice management systems accounts, day-to-day veterinary practice documents, and other details such as cloud services that veterinary practices use. Below are some of the ways smartphones are being used to pose cybersecurity to veterinary practices.
Vulnerable to ransomware attacks
Ransomware attacks have spiked in the last few years and have included high-profile cyberattacks that have resulted in millions of dollars in payouts by the victims. Although ransomware attacks are more commonly used in attacking computer networks, cybercriminals are also able to infect mobile devices with ransomware.
Ransomware attacks on smartphones also operate the same way as they would on a computer. When a mobile phone is infected, the ransomware can lay dormant for some time as it encrypts your files. Then when all the files are encrypted, a message is displayed notifying smartphone owners that their devices’ files are encrypted, and they need to pay ransom to be able to access their files. What makes ransomware attacks on mobile phones more effective is that virtually everyone working in a veterinary practice carries a mobile phone with them, and in most cases, these devices are not protected. During ransomware attacks, cybercriminals also steal data. Veterinary practice staff sometimes keep day-to-day working data and accounts on their phones; therefore, when a mobile device is attacked, it puts the whole organization at risk.
One question that most victims of ransomware attacks on their smartphones always ask is whether they can spread it to their computer network. Fortunately, ransomware that targets mobile phones can not run on operating systems such as Windows, Linux, and macOS. This is because most smartphone devices run on either Android or iOS operating systems. These systems are incompatible with PC operating systems. However, if a smartphone is running on either Windows OS or Linux OS, there is an increased risk that it can infect your computer system if they are running the same operating systems as your smartphones.
2. Spyware
One of the biggest stories of 2021 about cybersecurity threats posed by mobile phones involved the Pegasus spyware, an Israeli-made spyware that laid dormant deep inside operating systems of mobile phones and was able to spy on every action smartphone users were doing. The spyware came to light after it was found in phones belonging to heads of state, activists, and journalists.
Veterinary practices also have to be aware of such software because it can be used to target them. Once spyware is installed in a device, it is very hard to detect that your phone is infected. For instance, if a practice owner’s smartphone is infected, it means that all communications with clients are monitored, all emails read, and every account that is connected with the device is also monitored. Applications and services such as email servers and practice management systems are regularly compromised without their knowledge, and data is constantly stolen. Unfortunately for them, if a device is infected, unless you change it, cyber criminals will always have access to all your data and accounts.
3. Phishing
Cybercriminals now realize that phishing from people on smartphone devices is easy than those using personal computers. This is because, in mobile devices, there are many attack vectors that can be used for phishing. This includes apps that request permissions of your files, contacts and using other applications. Mobile phone phishing also has a high reach than computers. This is because virtually everyone has smartphone devices, including people who are not conversant with cybersecurity threats. This means that phishing methods such as setting a fake application that looks similar to a legitimate practice management system, including details such as logo and names, are possible using a mobile phone.
Email phishing is also rampant because most people open their emails using their mobile phones. The result is an increased risk of failing to verify if the site users are redirected to after clicking a link is legitimate because of the small screen of a smartphone. Therefore, they end up submitting logging details to cybercriminals, which are used against them.
4. Jailbreaking and rooting techniques
In cases where you lose your smartphone device or it is stolen, cybercriminals are able to access your phone by either jailbreaking for iOS or rooting for Android devices. These techniques give cybercriminals administrative privileges, where they are able to run your smartphone devices as you would normally. All your logged-in accounts become accessible to these cybercriminals, and they are even able to hack your other accounts since they can verify accounts using the multi-factor authentication connected to the phones.
Securing smartphone devices
Veterinary practices should restrict the use of mobile devices in carrying out practice-related activities such as emailing and practice management system usage. Staff should also be trained on the cybersecurity risks that can come from their devices. They should also be trained on how to detect cybercriminals’ activities such as phishing and malicious applications that are likely to steal or encrypt their data. Important documents should also not be saved on mobile phones because, in most cases, these devices do not have the required security to protect such data.
Need help securing your veterinary practice from cyber attacks?
Schedule a FREE call today to see how Lucca Veterinary Data Security can help keep your practice safe from the latest cyber threats!