Written by Phil Jones, Group Managing Director – 16th August 2016
Mobile malware and weak mobile device security pose a range of threats to businesses, especially those that favour BYOD. In light of recent PC malware such as Zepto and RAA, many businesses remain unaware that there is also a large amount of mobile malware in circulation.
As BYOD policies are now commonplace in the majority of businesses, it is important to include mobile device security within your EMM strategy.
We discuss the main threats to BYOD mobile device security and share some tips on how businesses can prevent them.
One of the most prolific mobile malware attacks to date was the Hummingbad malware that earlier this year reportedly infected over 10m Android handsets worldwide.
By attaching itself to infected versions of trusted Android apps, Hummingbad implemented applications to generate fraudulent advertising revenue and collected personal data to sell on, whilst using up all of the recipient’s data allowance.
For companies that embrace a BYOD policy, Enterprise Mobility Management (EMM) platforms can mitigate the risk of malware and help protect corporate data. Meanwhile, robust security policies and mobile antivirus software can be installed on employees’ personal mobile devices without invading their personal privacy.
Public Wi-Fi Security
Public Wi-Fi networks that do not require a password to join lack sufficient encryption and are likely insecure. This provides a great opportunity for cyber criminals to access and steal almost all information on a user’s mobile device. And, as the hacker sits in between the device and the public Wi-Fi it is connected to, the user remains unaware that all their information (and potentially highly sensitive company data) is actually being extracted.
By educating employees about the dangers of using insecure public Wi-Fi, which are not common knowledge for most, businesses can help to mitigate potential threats and avoid unwanted attacks and data theft. It is also crucial that acceptable Wi-Fi usage outside the office environment is publicised to employees and enforced.
Mobile App usage
Mobile apps present a security risk to businesses, as confidential company data is entrusted to a third party’s security protocols by default. Employees who use apps for work purposes have to rely only on the strength of the passwords they set for protection, rather than on robust end-to-end encryption.
Whilst the major app stores automatically scan for malicious apps, an employee can download a multitude of apps from third-party app stores that appear harmless but could contain mobile malware that infects the device and extracts data. This happened recently with the array of fake Pokemon Go apps downloaded by 1000s of unaware users.
By creating a separate, corporate app store on employees’ devices through an Enterprise Mobility Management (EMM) platform, IT departments can easily ensure that only approved apps can access corporate information, whilst still giving employees the freedom to download whatever apps they wish for personal use.
Monitoring operating systems and software updates
While Apple is said to have complete control over its iOS update system, making it relatively secure, malware does still exist for iOS.
The StageFright attack in 2015 exploited weaknesses in the Android source code and allowed hackers to remotely execute malicious code.
Android has to rely on vendors to patch issues, which is why we recommend that all BYOD Android devices have antivirus software installed by the employer if they are to be used for work purposes.
We appreciate that it is very difficult to manage software updates on BYOD devices. However, making employees who use Android devices aware of the above attack, and encouraging them to ensure their personal device is up to date with the latest patches, will help overall mobile device security.
We have explored the main points to consider that will help improve mobile device security and prevent mobile malware threats; however, there are many more things to take into consideration. Mobile Device Management and Mobile Security are worthy of significant time and investment by any company, even those that don’t embrace BYOD.
Please get in touch to discuss your current mobile security setup in more detail. Our Security Consultants would be pleased to discuss it and make further recommendations to improve overall device security to keep your business safe from malware and security threats.