These days, it seems like every business is quick to jump on the bring-your-own-device bandwagon. Boosting the mobility of a company’s workforce no doubt comes with its share of benefits - including increased collaboration among co-workers, which can result in a rise in productivity across the board. However, when an enterprise seeks to implement a BYOD policy, there are several important considerations to make, namely those related to data security.
A BYOD program cannot be successful if decision-makers do not think about the extra protection needed to safeguard the additional mobile endpoints. If administrators allow their employees to access any sensitive business information from their smartphones, tablets and laptops, this content could easily be snooped or stolen by hackers. By considering threats beforehand, organizations are better equipped to prevent security incidents before they impact the company.
One risk in particular to think about is mobile malware. As individuals increasingly utilize their personal devices for corporate activities, accessing a rising amount of sensitive organizational data, the mobile platform becomes a more attractive target for cybercriminals seeking to steal this information. Therefore, it is in any business’s best interest for company leaders to be aware of this threat and are working to avoid it.
What factors lead to mobile malware?
One of the main ways to prevent mobile malware is to understand the activities and uses that can lead to an infection. According to recent Trend Micro research, there are a number of factors that can cause a reduction in security and could therefore lead to mobile malware, including a lack of awareness. A recent survey found that 69 percent of employees using their handheld hardware for work, however, IT teams are only aware of 34 percent of these. Without knowing how many devices are connecting to the network, IT staff have a hard time ensuring proper protection against infections.
Another factor that can lead to mobile malware is an informal adoption of BYOD, which often goes hand-in-hand with lack of awareness.
“In some cases, enterprises may informally encourage the bring-your-own-device trend to please their employees,” stated the Trend Micro white paper. “They may, however, not have written usage guidelines or implement best practices.”
Without a formal policy detailing what devices and applications are permitted for business use, as well as the security responsibilities that employees must follow as part of their mobile activities, the chances of mobile malware infection considerably increase. Before allowing staff members to connect their smartphones, tablets and other mobile endpoints to the corporate network, administrators must craft a BYOD policy that outlines how devices can and cannot be used to ensure complete protection of sensitive company data and documents.
Mobile malware trends: Types of samples, Android infections
In addition to understanding the factors and activities that can cause mobile malware, it is also important to take a look at the attack trends in the current environment. The Trend Micro white paper noted that some of the top malware strategies include trojanized apps and malicious links, both of which attempt to trick users into installing harmful code on their devices.
Additionally, utilizing a third-party app store can also cause a mobile infection. These less legitimate platforms can often house malware-laced applications which, if downloaded, can infect the device and access all sensitive content present on it. Administrators should train their employees to avoid unapproved app stores as well as suspicious programs and links to prevent infections in this manner.
Another trend to be aware of is the increased prevalence of mobile malware targeting the Android platform. Recent industry research showed that an estimated 2,000 new Android malware samples are uncovered on a daily basis, noted MaaS360 contributor Brian Christini. Additionally, PC Tech stated that researchers have found a 388 percent increase in mobile malware within Android’s Google Play store from 2011 to 2013. These findings illustrate that some operating systems are safer than others.
Tips for avoiding mobile malware
While some companies have chosen to specify what types of devices can be used for BYOD to avoid Android threats, others utilize best practices to avoid infections. According to ZDNet, one such technique is not visiting, and especially not downloading any content on suspicious websites or applications. If the platform seems off, it is best to simply steer clear of it.
Additionally, users should be trained to thoroughly vet programs they download onto their BYOD-supported device. Even non-enterprise apps like games can include a malware strain which could impact business content on the hardware. For this reason, employees should look at app reviews, as well as the organization releasing the app to determine its legitimacy.
Administrators should also ensure that all BYOD devices are as up to date as possible with upgrades and security patches. Not installing these items can leave the door open for hackers, as updates often correct known security vulnerabilities.