October is National Cyber Security Awareness month.
This is part 8 in a series of blog posts we will be publishing on various topics aimed at educating you on how to stay protected on today’s Internet landscape.
Although many companies mainly focus on building up their network security for PCs, most have not realized the importance in securing the network for smartphones as well. At the same time, most personal users are unaware of mobile security threats. In fact, Symantec’s 2013 Norton Report showed that 57 percent of adults were unaware that security solutions even existed for mobile devices.
What’s more, the attack surface on mobile is much wider – cameras, NFC, GPS, Bluetooth and wireless are all common features on smartphones. Hackers can use these features to access and exploit a multitude of vulnerabilities, and do things such as sending and accessing content, tracking your location, installing adware, spyware and even reconfiguring device settings.
As the popularity of portable devices grows, so does the desire of employees to bring their personal devices to work. While employees are bringing their personal devices into the office with them, many have the desire to perform work tasks, such as checking email, reviewing sensitive documents and communicating with coworkers via voice and text messages. The advent of Bring Your Own Device, or BYOD, in recent years has turned personal security threats into corporate ones. Mobile devices, which are capable of going inside and outside of the network, can automatically connect to the corporate system and access sensitive data, and then connect to dozens of other networks outside of the enterprise. All the while they bypass the types of security measures built for PCs and potentially exposing the business’s data to compromise.
Malware isn’t just a PC problem
In order to better hide their activity, cybercriminals have taken to hiding malicious code inside mobile apps that are easily downloaded from app marketplaces. Another popular method of luring the user to download these malicious apps is via email campaigns that lead the user to click their way to a malicious website and then entice them into downloading an app. This is why it is very important not to click on any links from unknown senders.
Symantec’s latest Internet Security Threat Report states, “The attraction of the mobile environment to attackers is clearly based on the size and growth rate of the user base today. Yet it’s also based on the amount of personal information that’s easily attainable once an attacker is on the device.” This is perhaps an indication that this type of data is of more commercial value to cybercriminals.
Currently most malicious code for mobile devices consists of Trojans that pose as legitimate applications with the ability to steal data and other valuable information. Also notable, in 2013 mobile malware seemed almost exclusively focused on the Android platform and in the middle of last year, Remote Access Trojan (RAT) toolkits began to appear for Android, which is likely tied to the widespread adoption of the Android platform.
Identifying Mobile Malware
In today’s Internet landscape, mobile malware threats pose as more than just fake apps. Sometimes they can pose as security updates via email, SMS messages or even a strange notification, and clicking the link may expose the user to malware that is capable of stealing the user’s data. Malware can also access your phone via operating system vulnerabilities, which is why it is important to keep the device’s software up-to-date. Educating your employees on the malware landscape is a good defense against possible data breaches, but that is just part of the solution.
With the popularity of BYOD comes security concerns. Many security challenges IT managers face include implementing a uniform security protocol across different types of device hardware and software, preventing data breaches, monitoring app security and what to do in the event that a device becomes lost or is stolen.
A Secure Mobile Network
To ensure that your network is secure for BYOD, you need a combination of the right security, management and controls in place. Here are some tips to integrate into your mobile security policy:
- Add security measures to your wireless network. Having a password or a security key helps keep unauthorized smartphones from accessing your wireless connection. You should also utilize encryption technology to protect the information transmitted through your network.
- Examine app permissions. While apps have to ask for access to many features on your device, many users don’t examine these permissions carefully so malicious app developers find it simple to persuade users that they should grant unnecessary permissions. Educate your users about examining these app permissions before granting access.
- Regulate apps accessed on the network. If an application has a weakness, the app is easier to hack and it poses a threat to an organization’s security. Protect your company by developing a policy item to determine which apps can be downloaded or accessed via the corporate network
Secure Mobile Devices
There is certainly more control over device security while on a company’s network, but these devices do not always stay within the confines of said network. The following tips are ways that you can secure the user’s phones while being used outside of work:
- Use a Virtual Private Network. When employees need to access company data outside of the secured network, establish a VPN for when they are using their device other networks.
- Put a pin or password on it. Employees who use mobile devices for business may carry sensitive company information on their phones. If the phone falls into the wrong hands, a pin or passcode is the first line of defense. Encourage users to create a strong password and program it to lock within five minutes.
- Lose it, lock it, wipe it. Download an app on your mobile devices that allows you and your employees to lock and wipe a phone in the case of theft or loss. Keep out prying eyes by remotely locking your device. If your phone is gone for good, wipe your data including contacts, documents, text messages, photos, email, browser history and user accounts (like Facebook, Twitter and Google).
- Update, update, update. Make sure that employees get in the habit of updating apps as soon as they are prompted to. Software updates can include fixes to new vulnerabilities and exploited security gaps.
- Encrypt It. If possible, have employees encrypt their mobile phone, or at the very least, only send and receive encrypted data.
Don’t let mobile security be your blind spot. With so much personal data on our devices and mobile malware on the rise, our mobile devices now need the same attention that is given to PC protection.
Secure your workplace networks and your user’s personal phones using the above-mentioned tips. Additionally you can add an extra layer of security to smartphones by installing mobile protection security software such as Norton Small Business Software.
This is part 8 of a series of blogs for National Cyber Security Awareness Month.
For more information on various topics, check out:
Week 1
5 Ways You Didn't Know You Could Get a Virus, Malware, or Your Social Account Hacked
How To Choose a Secure Password
How To Avoid Identity Theft Online
How To Protect Yourself From Phishing Scams
How To Protect Yourself From Cyberstalkers
Week 2
Mobile Scams: How-to Identify Them and Protect Yourself
Exactly How Free Is That Free App?
Cyber Security Concerns and Smartphones
Week 3
Keeping Your Mobile Fitness Data Secure
Security Concerns and the Connected Car
The Connected Home- Just How Safe Is Convenience?
Week 4
Securing Employee Technology, Step by Step
Are Your Vendors Putting Your Company’s Data at Risk?
Four Mobile Threats that May Surprise You
Theft-Proof Your Mobile Data
Traveling? Don’t Let Your Mobile Data Stray