Smartphones and tablets have introduced unparalleled flexibility and versatility to modern businesses, allowing unique opportunities for remote working and connectivity. However, they are not without their risks, and any workplace that utilizes such devices must be sure to include adequate security measures as an element of its overall mobile device management strategy.
According to research by McAfee, there were over 1.5 million new incidents of mobile malware in the first quarter of 2017 alone, and the fact is that many designers still don’t consider mobile device security to be a top priority when creating apps. With many businesses operating bring-your-own-device policies, the possibility of malware spreading from an infected device to the business network – and in turn, threatening data loss or theft – is only too real. Here are a few of the potential mobile threats that owners of all sizes of businesses should be aware of.
- Enterprise-class spyware. Some hackers and malware authors just want to cause havoc … but others have a very real intent to steal and exploit sensitive corporate data. And while it might be comforting to think of most hackers as social misfits living in their mom’s basement, it’s important to remember that both corporate espionage and nation-state level hacking aren’t just the stuff of fiction. With most mobile devices incorporating technologies such as voice activation, recognition, and recording, as well as GPS tracking, a compromised mobile device can become a dangerous surveillance device even without connecting to your corporate network.
- Dead apps. We probably all guilty of having dead apps on our mobile devices, whether it’s something we installed, didn’t like and just didn’t bother to uninstall, or an older, obsolete app that is no longer supported. Older apps that are no longer being actively supported and patched could potentially be exploited by malware, so it’s a good idea as part of your mobile device management strategy to remind all employees to regularly delete all old or unused apps from their devices.
- Mobile botnets. Hackers can use malware to control mobile devices without the owner ever knowing, and exploits can range from fraudulent revenue generation (for example, by running disguised ad clicks on the infected – or “zombie” – devices) to stealing IDs and passwords to harvest and sell user data. One such botnet, Hummingbad, infected over 10 million Android devices in 2016.
- The Internet of Things (IoT). Today, mobile devices are connecting to an ever-expanding range of devices, both at home and in the workplace – smart heating and lighting systems, kitchen appliances, warehouse tracking systems, remote sensors … the list goes on. Unfortunately, the manufacturers of such devices don’t always place a high priority on network security, and that can mean an easy-access backdoor that can then be used to compromise mobile device security and wider networks. If your corporate network does include IoT devices, always ensure that passwords are changed and encryption activated, as applicable.
While no corporate network will ever be entirely free from the risk of intrusion, the development of a robust mobile device management strategy is a must. Every device with access to your network should have appropriate security software installed, but perhaps more important is communicating and reinforcing good mobile device security practices with every employee; this is particularly important if your company implements a bring-your-own-device policy.