Smartphones are just as vulnerable to cyber attacks as the traditional desktop, and in some cases even more so. With the wide range of sensitive data we keep on our devices this is hardly surprising.
Cases of mobile malware are on the rise, with an increasing number of flaws being found in the Android platform in recent years.
Research from G DATA found that almost 3.2 million new Android malware samples were discovered by the end of Q3 2018. This totals over 11,000 new malware samples daily on Android operating systems alone.
Lots of UK businesses provide employees with smartphones, and many employees use them as personal devices as well, which can lead to a whole host of malicious nasties.
To help, we take a look at how businesses can secure their mobile fleet.
Two-factor authentication acts as a second layer of security. Particularly for business users, it is a good way to control access to data.
The authentication process also makes it harder for attackers to gain access to devices or accounts as there is additional security added once a hacker has got past the password.
All smartphones should include two-factor authentication. Apple offers this with its Apple ID feature.
Mobile audits are part of common practice in organisations that already offer a smartphone to employees. These audits will analyse the current fleet, the individual devices and their actual usage.
Performing an audit of mobile devices should offer an idea of what devices your employees are using and allow you to identify potential security weaknesses, depending on their smartphone habits.
For example, if an employee regularly travels, they might connect to public Wi-Fi, so they will require extra security to offset a potentially 'dangerous' internet connection.
You'll need to know how many devices you have, what they are used for, whether they are the primary phone for the employee and whether they are updated with the latest security software.
Putting together a quick questionnaire and passing it out among employees will answer these questions and will highlight any areas that need addressing.
Increasing numbers of businesses are depending on mobile devices for collaboration and connectivity for remote workers. These organisations should look to mobile device management (MDM) software to support their devices.
MDM tools should secure, manage and also monitor your whole fleet of employee devices. There are tools available from IBM, MobileIron, SOTI and Microsoft that offer a virtual desktop environment, remote file protection and on-device VPN.
While there are lots of device management tools and security software that aim to keep devices secure with relatively little effort, a code of best practice should be upheld to ensure the ‘common sense’ aspect of security isn’t forgotten.
A simple document providing security ‘musts’ should ensure the basics of mobile security are upheld. For example, not syncing personal emails with work phones, not visiting unsafe websites and not connecting the phone to unverified devices should be among each organisation’s mobile best practices.
Both iOS and Android regularly update their operating systems, whether for a small bug fix or a new version of the software.
Making sure your devices are updated is a security must. It will ensure you are running the optimal software and that any bugs or security flaws are dealt with.
While devices running Apple’s iOS are able to set updates to happen overnight, most updates on both operating systems will require you to manually press ‘update’.
Both operating systems will notify you when an update is due, but it is up to the user to action the update. This means reminding employees and also updating any shared devices, like department tablets.
Some employees will want to only use one phone, and opt to integrate both work and personal applications on the one device. While this may encourage greater efficiency by having all necessary documents and apps in one place, it can leave employees more vulnerable to attacks.
Limiting employees’ use of non-business apps could make this risk smaller, by keeping the work mobile strictly for work. While some MDM tools claim to be able to do this, if you choose to opt out of MDM software, this could be written into a mobile fleet best practices document.
Depending on the type of smartphones used by employees, you might want to consider some level of encryption.
iPhones and Android phones will require different levels of encryption. With the release of iOS 8 in 2014, Apple began encrypting iOS devices, with built-in encryption of call logs, photos, documents, apps and messages.
See our guide on how to enable encryption on iPhones.
Android devices could be seen as more vulnerable as they run an open source operating system. However, in 2011, Google offered encryption at users’ discretion, while later in 2014, Android versions from Lollipop onwards offered encryption that was turned on by default.
There is some debate as to whether mobile antivirus software actually works. Some argue that all smartphones should use it, while others deem it useless and advise smartphone users to rely purely on common sense to avoid having their device compromised.
Most antivirus tools claim to offer some level of data backup, remote wiping and malware protection, and while these features are better than none, most phones released in the past few years come with some of these functions built in.
Depending on the content travelling across your mobile network, you might want to try out some different antivirus apps. Opting for a paid-for antivirus will offer the best protection across a number of phones, but for those on a budget there are competitive free options out there.
In addition to keeping apps updated, it's important to only download apps from official sources. Whether you have an Android, Apple or some other kind of mobile device, each has an official app store that requires certain safeguards before an app can be sold on its store-front.
While Android phones can let you download and install applications from third-party locations (after you change a few security settings), cybersecurity experts emphatically warn against doing so.
Applications from unofficial sources do not undergo the verification procedure, and therefore the chances are much higher that you will encounter malware that can attack programs on the device.
Downloading from the App Store or Google Play Store may be a safe bet most of the time; however, malicious apps can sometimes slip through the cracks (Hidden App Malware Found on Google Play - Symantec). One way to counter that issue is to pay attention to who made the app in the first place.
If the developer has created other apps with suspicious names, such as Wi-Fi Booster or Easy Root, then it might not be a trustworthy one. Make sure to check reviews on the store for the application before installation. If the app was mentioned as suspicious by even one user, don't install it.