Credit unions that actively embed mobile handheld devices intotheir IT systems, such as with Bring Your Own Device andCorporately-Owned or Personally-Enabled (COPE), need to also fullyunderstand the possible security risks, according to Ondrej Krehel, founder/principalof the New York City-based cybersecurity intelligence firmLIFARS.

Got cybersecurity concerns? Register today to joinus for the free, all-day Data Breach Defense Virtual Conference onOct. 6 , and be sure to spread theword!

There is an increasing dependence on smartphones – the number ofsmartphone users worldwide is expected to surpass two billion in2016, and they're becoming the primary computing devices withinorganizations.

With that, here are five key points to understanding how smartphone use poses risks to organizations, and the bestways to mitigate those risks.

1. Smartphones are viewed as targets

Smartphones function as network clients, offer plenty of storagespace and contain powerful processors. These functionalities alsomake them obvious targets for hackers and malicious operators.

“Ignorance and a lack of general awareness by the user areusually the most important factors leading to vulnerabilities,”Krehel noted. “It is important to understand the risks involvedwith smartphone usage, the potential impact of such vulnerabilitiesand the security measures required in curbing security risks.”

A 2014 research team from the University of California Riversideand University of Michigan demonstrated their hack of an Androidphone and reported their method was successful between 82% and 92%of the time on six of the seven popular apps they tested.

2. Smartphones provide access to sensitiveinformation

As Krehel pointed out, senior management and high-rankingofficials in critical financial institution infrastructures arehighly likely to have access to sensitive information, data anddocuments though their smartphones and may even use their phones asstorage devices for important information.

Any breach or smartphone hack targeting these users is bound toresult in significant consequences.

With such high stakes, organizations and corporations shouldhave clear security policies in place. Detailed risk assessmentsspecific to the organization can usually determine the best networkand security guidelines.

In general, the use of smartphones should be restricted in workenvironments that require high-level security clearances.

3. Smartphone hacking techniques run thegamut

Types of smartphone vulnerabilities, and their consequences, arelisted below:

• Malware intrusion. Keylogging programs,phishing scams and other malware specifically designed to collectcredit card data, or email and banking credentials, lead todevastating consequences.
• Loss or theft. Unless it's encrypted, storedinformation on a lost or stolen device is accessible tounauthorized users.
• Unintentional disclosure. Falling prey tophishing attacks, for example, can lead the user to discloseinformation involuntarily.
• Spyware infestation. Smartphones infected withspyware run the risk of giving malicious hackers remoteaccess.
• Surveillance attack. By hijacking a smartphonehardware feature such as its camera, microphone or built-in GPS,the device becomes a spying tool.
• Network spoofing. A rogue global system formobile communication access point or Wi-Fi connection allowsattackers to intercept and collect information and data.
• Diallerware attack. This malicious applicationengages the smartphone in phone calls and text messages at premiumrates.

4. User education is critical

“Cybersecurity experts and researchers will always insist uponthe fundamental belief that there is no such thing as 100%security,” Krehel suggested. “However, security practices andmeasures can be embraced and followed by smartphone users toenhance the phone's security and lower vulnerabilities.”

User education measures should include: Never leaving financialinstitution-connected phones unattended, setting a password or PINlock for the home screen, configuring an auto-lock, using the SIMlock, using trusted applications, maintaining update cycles,embracing encryption and employing anti-malware.

Users should also ensure mobile security applications come fromtrusted sources and keep anti-malware software updated to combatthe newest threats.

5. Good judgement goes a long way

Security researchers always recommend using caution whenconnecting to an open Wi-Fi network. Connecting to protected andsecure networks from trusted carriers also counts as a goodsecurity habit.

“Being proactive when looking at links or attachments sent viaemail, including those from trusted sources, helps users avoidspear phishing campaigns, scams, loss of privacy and identitytheft,” Krehel said.

In addition, when switching to a new smartphone, it's importantto securely dispose of or recycle your old smartphone, Krehelsaid.