While convenient, mobile devices can get malware and pose a risk to your business.
Whether used as a POS device, storing and accessing sensitive data, or even making calls, mobile devices are being used more frequently in the office space. Here are some reasons why:
White Paper: How to Effectively Manage a Data BreachDownload Here
- More convenient: Filling out information on a tablet is often easier to do than filling out paperwork. It also frees up space for paper work.
- Less expensive: A mobile device will cost much less than a POS device. A company can save even more by implementing a BYOD policy.
- More mobile: This may sound obvious, but carrying around a mobile device is much easier than taking a computer everywhere. It gives you quick access to information right away.
But there’s also a downside to mobile devices, and that’s malware. Hackers are constantly working to steal data from mobile phones and tablets. You’ve probably seen examples of mobile device malware and these attacks in the news. And the attacks are becoming more and more common.
Why are mobile devices so dangerous?
Mobile devices in general aren’t as secure as computers. The same security measures that companies use for workstations and servers usually aren’t in place for mobile devices. Because of this, mobile devices may not be protected by things like firewalls, encryption, or antivirus software.
Yet more employees are using mobile devices to gain access to sensitive information. This puts their company more at risk for data theft.
How does mobile malware affect businesses?Most businesses have corporate resources available from employee devices. Should any of these devices be compromised by malware, sensitive information could be captured.
A lot of the risk depends on how your mobile environment is set up and how your employees can access sensitive data. Unless you have policies and controls in place regarding mobile devices, your employees are probably accessing sensitive information from their mobile devices, information that can be stolen by malware.
SEE ALSO: Stop Looking for a Mobile Security Standard
But how does the malware get on your phone? Here are 5 ways your mobile device can get malware.
How do mobile devices get malware?
1. Downloading malicious apps
The apps you get at an official app store are usually safe, but apps that are “pirated,” or come from less legitimate sources often also contain malware. These are apps that appear to be legitimate, but instead contain spyware or other types of malware.
Occasionally an app with malware will make it through to an official app store. One recent example is InstaAgent, an app that stole Instagram user credentials and sent them to a third-party server without the knowledge of the user. These apps are usually discovered and taken care of quickly, but they illustrate what can happen.
Sometimes developers will use pirated development tools, which have been compromised. Everything developed using these tools will then contain malicious code, which may steal sensitive data or damage the mobile device.
WATCH: How to Know if an App is Secure
Be choosy when downloading apps, and download only from reputable app stores. That usually prevents you from coming across malware-infected apps.
2. Using a mobile device with operating system vulnerabilitiesOften the mobile device itself may have vulnerabilities that hackers can exploit. Usually these vulnerabilities are discovered fairly quickly and patched up, but if you’re not regularly updating the software on your phone, your device will be vulnerable.
It’s critical to keep your mobile device up to date just like any other computer, or hackers can exploit those discovered vulnerabilities.
3. Opening suspicious emailsMore employees are using their phones to look at and answer corporate email, which is a way hackers can install malware on your phone.
Here’s an example: you receive an email that says you’ve won something (a tablet, a vacation, etc). You open the email and click on the link, and nothing happens, or you’ve been taken to a dummy site. But malware was downloaded and installed on your phone. The data on your phone may now be exposed to that hacker.
Just like on your computer, avoid opening suspicious emails on your phone.
SEE ALSO: 7 Ways to Recognize a Phishing Email
4. Using non-secure Wi-Fi/URLsIf you’re accessing insecure websites, you run the risk of exposing sensitive data transmitted from your device. You’re also more susceptible to man-in-the-middle attacks, and being exposed to malware. Avoid using insecure websites and Wi-Fi networks, and consider using antivirus protection and a VPN on your phone to secure Wi-Fi communication.
The browser itself on your phone could also be a source of vulnerabilities. This can lead to web browser attacks. Attacks like these are more common on android devices. Make sure you have the most current version of whatever browser you use.
5. Receiving text message/voicemail phishingYou may get a text message or a voicemail from what appears to be a legitimate source asking for personal information either about you or your device.
Hackers often use this information to steal whatever data they can, including social security numbers, credit card data, etc. They may even be able to use it to make a targeted attack to install malware on your phone.
Whenever you get a text like this, call the company on their legitimate phone and verify with them. Never give out sensitive information through a text. Sometimes even replying to a text can be dangerous, so you should immediately delete any suspicious texts and attempt to contact the company directly.
Tips to protect your mobile device from malwareThe good news is while your mobile device may be at risk for being infected by malware, there are some easy things you can do to avoid it. Here are some ways to protect your phone and other devices from malware:
- Don’t jailbreak your device: Jailbreaking your device removes a lot of its built-in security. While this may let you do more with your device, it also leaves it more vulnerable to attacks.
- Use a VPN: A virtual private network is a secure “tunnel” that lets you access and share information securely over public Wi-Fi networks.
- Download apps only from reputable sources: Unofficial app stores are more likely to be sources of malware-infected apps.
- Encrypt your data: If you have sensitive data on your mobile device, make sure it’s encrypted. It will then remain secure, even if malware steals it.
- Do mobile vulnerability scanning: You can’t prevent what you don’t know about. Use a vulnerability scanner like SecurityMetrics Mobile for your mobile device.
- Update software and hardware: Companies often release updates on mobile devices that address potential vulnerabilities.
- Train employees: Your employees should know about malware and taking the right measures to avoid it. Include mobile device security in your training.
- Have mobile device policies in place: Whether your company owns the devices, or your employees use their own, you need to have security policies set up that address the use of mobile devices.
David Page is a Qualified Security Assessor and has been with SecurityMetrics for six years. He has over 18 years experience in network and system engineering, design, and security.