Recent industry reports from cybersecurity firms such as McAfee and Kaspersky Lab have identified that mobile malware attacks are becoming increasingly widespread and more sophisticated.
Most business professionals use smartphones these days. These devices are basically small computers and can be infected with malware in a similar way to a PC – usually through malicious links or attachments sent via email. As people are now using smartphones to access corporate email accounts, make online payments, etc. there is an increased risk for businesses. Another risk exists where an employee’s device is hacked and the firm’s passwords and remote access logins are stolen. This can allow hackers to get inside a businesses’ firewall and spread malware to computers across the company network.
So, what should businesses do to protect themselves? Mobile antivirus tools can help to a degree and all company data should be backed up regularly. That said, it is more important to teach your employees the basics of mobile security to eliminate putting themselves or the firm at risk in the first place. Basic training can involve teaching your employees how to identify suspicious emails and to avoid clicking on potentially dangerous links on their smartphones.
Fake apps are another serious risk. Cybercriminals often design apps that imitate legitimate apps or they might offer a game or utility app for free. In order to minimise this risk, your firm should create and publish an internal list of approved apps. All employees that use company devices should receive regular communication regarding which apps are approved for use on company devices. It should also be made clear that no other apps can be installed on a company device without express permission from the relevant person(s).
Finally, your firm should have monitoring tools in place, which check for signs of unusual activity on the network, such as remote logins from unfamiliar IP addresses, large files moving out of the network over email, etc.