The current growth trend of mobile malware indicates that hackers will continue to target smartphones and their users. Businesses should expect the attacks to grow sneakier and more sophisticated. In 2013, mobile malware grew 614%, according to a study completed by Juniper Networks. The study also estimated that more than 500 third-party apps in app stores contained malicious code, the majority originating from Russia and China.
Malware has long been used to gather sensitive information or to gain access to private computer systems. With the coming popularity of BYOD (Bring Your Own Device) policies, this should be a concern for every business owner. The most common security threats are back-door Trojans, which steal data without the user’s knowledge, and malware that finds banking login information.
The fundamentals of mobile data security include:
Business phones should be set up with a secure container. The data on the phone is encrypted, and a remote wipe is enabled. The remote wipe will only affect an ex-employee’s business data and will leave personal information such as photographs. The most important engineering task is to keep the operating system up to date. On Android phones, 77% of the threats could have been eliminated if the OS had been updated to the current version, while only 4% of Android devices have a current OS.
Keeping control of the servers is as important as keeping control of the device. Make sure that mail is hosted on a company server. Cloud servers are highly popular, but the best way to keep control of your company’s security is to know where all sensitive data is being backed up. Jailbreaking a phone removes the manufacturer’s security features and allows pirated software to be downloaded. Businesses should consider whether this would be allowed under the BYOD policy.
Keep employees informed on safe phone activities, including scrutinizing apps before installing them, avoiding unauthorized or “independent” app stores, and remembering that anything that is too good to be true probably is. Apps promising free movies, games or songs are likely the most dangerous. Also watch out for bogus antivirus apps; stick with the developers that are known and can be trusted. Be sure to encourage discretion when using sensitive or proprietary services over open Wi-Fi, and encourage turning off Wi-Fi, GPS and near field communication (NFC) when they are not in immediate use.
With the popularity of BYOD it is not necessary to prohibit someone from working on their own mobile, but a company should enforce a policy that does not allow rooted or jailbroken phones onto work premises. Furthermore, make sure to get the right infrastructure into place, and stay on top of the most current developments. Proactive measures can help protect your business data.