Various reports from leading security firms suggest that mobile malware is continually increasing. In the age of BYOD it is vitally important for organisations to have clear guidelines regarding mobile device usage in the workplace.
A recent study conducted by Alcatel-Lucent's Motive Security Labs found that mobile malware increased by 25% in 2014 with over 16 million devices infected. Whilst the majority of these devices were running Android, a small percentage of iOS devices have been found to be at risk too. In 2015, mobile malware infection rates are now on par with those affecting Windows computers.
A large number of malware issues are connected to Spyware: malicious software used to track and monitor communications on devices. With large numbers of employees bringing their own device to work and connecting to the corporate network, this presents a genuine threat to enterprise security. 6 out of 20 malware issues are Spyware related, presenting possibilities for sensitive company data to be compromised.
The increasing malware rate, however, could be tackled with greater education for device users. Another recent report suggested that 65% of users assume that their service provider will protect them with few people taking the steps to install adequate security software. Businesses can therefore help protect their networks by ensuring that BYOD policies are clear on the security requirements. Simply allowing any device to connect without the correct security software installed should not be allowed. Using effective mobile device management software can help you to monitor this issue too.
Organisations also need clear policies regarding app usage on both corporate and employee owned devices. A newMcAfee report claims 18 of the 25 top mobile apps were reported as vulnerable in September 2014 and remain unpatched. Earlier this year, McAfee Labs tested a list of vulnerable mobile apps that send login credentials through insecure connections. They found that 18 of the 25 apps have not been patched despite public disclosure and vendor notification. For organisations dealing with sensitive information, it's therefore important to ensure that apps used in the workplace have passed these tests. For businesses developing their own apps, it is increasingly important to ensure that development work follows secure programming practices.
Businesses also need to be aware of issues that can bypass MDM software. For example, mRATS (mobile remote access Trojans) can bypass sandboxes and encryption presenting another emerging threat as shown in this infographic by mobile security company Lacoon. However, an experienced mobile device management provider should be able to help you assess your inventory and/or employee owned devices used to connect to your network, to determine whether any have been jailbroken or compromised.
The persistence of mobile malware is an issue businesses should not ignore, especially those in regulated industries dealing with sensitive data. Ensuring you have tight regulations regarding how devices can connect to your network, and using effective MDM software to manage those devices, will help you to better protect yourself.
Concerned about mobile malware affecting your network?
TEK Express is a specialist mobile device management company. We advise all our clients on best practice regarding mobile security. To find out more about our services, contact our business development team on 01293 7100 20.