5 Ways to Protect Your Mobile Devices from Malware

Have you fully examined the importance of securing your organization’s mobile devices? Chances are you understand the value of securing your desktop and laptop computers; however, malware is also one of the biggest mobile device security threats. In fact, cyber-criminals are launching more malware attacks on mobile devices each year so it’s important that your organization is protected.

Mobile Device Security and Malware

According to Kaspersky Labs, cyber-criminals used more than 4 million installation packages to disperse malware to mobile devices in 2013. Kaspersky explains, “The majority of mobile malware still specialize in minor money theft using premium rate calls and messages. However, over the year, the number of mobile malware modifications designed for phishing, the theft of credit card information and money increased by a factor of 19.7.” The goal of malware is to continue to operate on the infected device: The longer the infection goes on, the greater the criminal’s potential for profit.

In 2013, there were 143,211 malware apps targeted on mobile devices. Why so many? In short, there are several easy opportunities for cybercriminals to make money from your smartphone or tablet. Examples include:

• With access to your mobile device, criminals can make premium-rate calls, steal your mobile banking password, and even steal money from your electronic wallet.
• With the available memory on mobile devices expanding rapidly, more users are storing documents, emails, and other data directly on their device. If an attacker can infect and access your device, he or she can access those data, as well.
• If a mobile device user enables geo-tracking on the device, a cyberattacker can track that person’s movements, even accessing the device’s camera for surveillance purposes.

The Special Case for Android

Android has been and remains the primary target for mobile malware, accounting for 98.1 percent of all malware detected in 2013. As Steve Mierzejewski noted in his 2015 blog post, Android-specific malware was expected to expand 200 percent between 2013 and 2015, a statement backed up by researchers at G Data, who claimed that more than 6,000 samples of Android malware were discovered each day in the second quarter of 2015.

Why do cybercriminals focus so heavily on Android? In part for the same reason cybercriminals have targeted the Windows operating system more heavily than Mac OS X: market share. Android users account for roughly half of mobile device users in the United States. Perhaps the biggest reason, however, is that most mobile device users simply don’t think mobile malware presents a real problem and so don’t harden their devices against it. Simply put, mobile devices—and Android devices in particular—are low-hanging fruit for cybercriminals.

Protecting Your Mobile Devices

Mobile devices, and smartphones in particular, are ubiquitous in today’s workplaces. Whether a company issues company-owned mobile devices or has a bring your own device (BYOD) policy, every time an employee accesses company resources from a mobile device, that business is potentially at risk. Particularly virulent mobile malware such as NGE Mobi, the Mapin Trojan, and AndroidOS.SmsThief are sufficiently sophisticated to, as Steve Mierzejewski puts it, “leverage [their] control over an endpoint to gain access to your network. Once there, [they] could take whatever the remote operators want [them] to take. Your employees’ problem suddenly becomes your problem.”

All is not lost, however: mobile device security is trickier than applying the defense-in-depth strategies commonly used on desktop and laptop computers, but many of the same approaches apply:

1. Use anti-malware software on all mobile devices.
2. Ensure secure communications through encryption and/or a virtual private network.
3. Require authentication with strong passwords—for example, multi-factor authentication, with biometrics and approval from a secondary device.
4. Restrict users’ ability to install third-party software on mobile devices. (Obviously, there are implications for this strategy if the company allows BYOD.)
5. Conduct regular security audits with penetration testing.

Mobile device security shouldn’t be an afterthought but rather part of a company’s overall approach to protecting its data, its users, and its customers. Contact All Phases IT today to speak with one our experienced IT consultants. We’ll evaluate your current mobile device security measures and help you determine the best way to keep your company—and its data—safe.