Malware is short for Malicious softWare, which is designed to damage or even disrupt the computer. The array of malware ranges from spyware to key loggers; some are for financial malware and includes ransomware. Protection against Malware is ‘anti-malware’ products in the simplistic terms, and there we have it. Not much of an article though is it!! So let’s dig deeper into the subject mobile malware prevention.
Vendors such as Sophos, Trend, MacAfee, Symantec or Kaspersky give deeper ways into the prevention. Equally, the ‘User’ must use common sense and it’s down to ‘ownership’ of the problem.
Insight onto the problem
To precise, in 2015 Kaspersky identified the following:
- 9 million installations of malicious packages
- Just under 900,000 new malicious mobile programs, which is a threefold increase from 2014; and
- 7000+ banking Trojans.
The magnitude of the problem outweighs the capability of the everyday user and even that of global businesses.
In the UK alone, as far back as 2011 ⅔rd of SME’s didn’t see their business as vulnerable; most would prefer to pay the ransom. In 2015 ⅓rd of SME’s suffered a cyber attack, just over a ⅕th didn’t know where to start!
Prevention of Mobile Malware
With the preamble completed, it’s now timely to interrogate methods on how we can protect from malware.
Ten (10) steps to undertake:
- Educate your users, the device is just like the computer and should be protected just like one. Users should not install applications; it’s for business use only. If a requirement is identified, it should be risk assessed and approved by the firm.
- Over the air, i.e. WiFi is insecure and thus prone to vulnerabilities. Consider the use of a VPN and a quality one like ExpressVPN, so a secure channel is in place for all staff and develops acceptable use policies (AUP) for all employees, irrespective of grade.
- If the business permits the use of Bring Your Own Device (BYOD), therefore policies must be in place and must be adhered to for all BYOD users. The benefit to the business is a financial viability, though risk is high. The company gives permissions, not the user.
- Jailbreaking removes security limitations, to jailbreak gives full access to the operating system. Whether a device is owned by the business or a BYOD, it should never have been subject to this. An AUP should include about the importance of not Jailbreaking corporate devices.
- The mobile device like the computers used in the business, they all have an operating system. So as the desktop or laptop undergoes updates, the mobile device must be kept up-to-date. Staff must not let these updates be overridden, the AUP should include this.
- Encrypting the device is paramount, even laptops as all will be potential prey to the criminal. Setting strong passwords for the device and SIM are essential, more so the former, this should be reiterated in the AUP.
- A Mobile Security Policy, like the overarching Security Policy and the Acceptable Use Policy, all have a vital function for the integrity of the business. Each have a specific role; equally, all staff should make themselves aware on a regularly basis as part of their training.
- When it comes to applications, making use of the Apple App Store, though only for approved applications. Conversely, consider the creation of an application store for the business. However, you should only be using trusted sources for integrity.
- An alternative the business may wish to investigate is the use of the ‘Cloud’. Here you can decide which applications you want to use and have them assigned to all the mobile devices. The Cloud brings many more advantages, for security and storage – but at the same time, everyone should make cloud computing security a priority.
- The business should be installing anti-malware for its own devices iOS and Blackberry has them by default. Those used in the BYOD scheme should also be installed by the owner, more so for Android devices and the risk is higher.
Throughout this article, I’ve made reference to Security Policy, Acceptable Use Policy and Mobile Use Policy. The internet is a vast repository, by searching on your key requirements, the result will be positive.
Likewise, vendors such as Sophos, Trend, MacAfee, Symantec or Kaspersky all have their own definitive for security. It’s the user to take ownership, you may have your favored company, and the focus should be on your requirements.
Any business, more so for SME, the financial outlay is critical. Planning your requirements, along with astute research will save you and your business a lot of heartaches.
Please do use security software; any of the vendors previously mentioned will give you more than expected. For example access to a secure vault which will be a benefit to the business and individual. The cost will be on average £1 per week, which is money well spent. On top of using a security software, consider using an anonymity tool online – too.
Do align with your government’s recommendations for cybersecurity; implement the ISO 27002 Code of Practice, getting yourself certified to ISO 27001 could always be part of your Security Programme.
Take ‘little steps’ as these will lead you to the pot of ‘gold’!
Top/Featured Image: By www.elbpresse.de (Own work) [CC BY-SA 4.0], via Wikimedia Commons