Mobile Malware: Do Your Employees Know What to Look for?
The number of smartphones connecting to the Internet now rivals the number of PCs doing the same. Smartphones within SMB environments are no exception. Employees use these devices to surf the Web, check emails, access business critical applications and to overall be more productive. It’s really no surprise that a lost or stolen device is the top mobile security concern for SMBs, according to Symantec research. But, in the spirit of National Cyber Security Awareness Month, let’s delve deeper into SMBs’ number two concern—mobile malware.
Though the amount of malware designed to target mobile devices still pales in comparison to that targeting traditional computing devices, there has been a marked increase in mobile malware this year. Most are what we call ‘Trojanized applications.’ These are legitimate apps that malware authors have altered to include malicious code. These apps still carry out their legitimate functions so they disguise their malicious behavior from the user.
Cybercriminals are increasingly targeting small businesses, so SMBs must protect their business information regardless of where it resides—whether on the road or in the office. In general, there are several things SMBs and their end users can do to protect against mobile malware:
· Only use app marketplaces hosted by well-known, legitimate vendors for downloading and installing apps.
· If practical, adjust Android OS application settings to stop the installation of non-market apps.
· Review other users’ comments on the marketplace to assist in determining if an app is safe before downloading.
· During the installation of apps, always check the access permissions being requested for installation; if they seem excessive for what the application is designed to do, it would be wise to not install the application.
· Utilize a mobile security solution on devices to ensure any downloaded apps are not malicious.
· Consider implementing a mobile management solution to ensure all devices that connect to their networks are policy compliant and free of malware.
New Symantec research released this week found that cybercriminals are still very much in the exploratory phase of figuring out how to monetize the exploitation of mobile devices. Nonetheless, the goal of most malicious code today is to turn a profit, so Symantec expects to see more threats created for mobile devices that seek to steal confidential data, and SMBs will certainly be a target.
Have you experienced any mobile malware issues with your small business end users?