Stepping up mobile security
With most corporates relying on their smartphones for working on the go, there has never been a greater need for businesses to ensure they have a mobile security strategy in place.
Data security and issues regarding privacy are just as significant considerations on a mobile platform as they are on traditional PCs or laptops. However, the latest concern is the rise in mobile adware or ‘madware,’ which can provide cybercriminals with personal information, exposing users to risk. “Mobile trojans today have reached levels of sophistication comparable to Windows-based malware, and the threat to corporate data stored on personal devices is greatly magnified,” says Pradeesh VS, General Manager at ESET Middle East.
According to Symantec’s January 2014 Intelligence Report, 32% of mobile malware tracks users, collecting SMS messages, phone call logs or even pictures and videos taken with the device. Meanwhile, 15% of these can be used to send content, ultimately showing up on the user’s telephone bill.
In the smartphone market, Android still enjoys the highest penetration and research agency Gartner predicts that over 1 billion devices will be shipped in 2014. However, Android is also the most targeted of all platforms and was found to host 257 out of 277 new families of malware, according to the Q1 2014 Mobile Threat Report by F-Secure Labs.
“The popularity of the Android OS makes it a lucrative target for attackers as with more users, the potential of successful infection is vastly greater,” Pradeesh said in a statement, announcing the global IT security firm’s new security solution for Android devices. The new Anti-Theft feature allows Android users to track lost or stolen mobile devices through their web interface.
How to get started
With the threat from malware increasing in prevalence, what steps can businesses take to safeguard their data? “First of all, try to understand the fundamental risks you want to mitigate and also try to understand how the different technical solutions are trying to address your need,” says Pradeesh.
The increasing Bring Your Own Device (BYOD) to work trend has changed the way companies need to approach security issues. Now, organizations need to address not just security “but other aspects of mobile device management such as network readiness, employee training, integration with well-established business applications and development of new mobile specific applications.” Pradeesh explains that IT managers also need to stay on top of how the system is controlled and monitored since access to the corporate network through a mobile device should never be left unchecked.
According to Pradeesh, employees need to ensure their mobile device usage is in line with company policies in some of the following ways:
- Updating software: Employees need to be made aware of vulnerabilities made possible through applications and be informed on how to protect their devices, especially when installing updates that may not be compatible with a mobile security solution in place.
- Acceptable usage: As a policy, this is difficult to enforce but employers need to ensure that devices owned by their workers conform to an acceptable usage policy. For example, employees must be informed of the need to have a password protected device.
- Device loss or theft: There is the very real possibility of mobile theft or loss of device. In such a scenario, it becomes absolutely essential that the organization has the ability to remotely wipe all data from the device.