Although companies spent many years building up their network defenses for PCs, most have spent little time securing the network for smartphones. But there are far more mobile devices than PCs, and the sheer volume changes how security needs to be approached. At the same time, most users are unaware of the mobile danger. In fact, Symantec’s 2013 Norton Report showed that 57 percent of adults were unaware that security solutions even existed for mobile devices.
For attackers, the size of today’s user base is clearly a draw. Yet they’re also enticed by the amount of personal information that’s easily attainable once on a device. What’s more, the attack surface on mobile is much wider – cameras, NFC, GPS, Bluetooth and wireless are all common features on smartphones.
The advent of bring your own device, or BYOD, in recent years has turned this personal security threat into a corporate one as well. Mobile devices, which are capable of going inside and outside of the network, can automatically connect to the corporate system and access sensitive data, then connect to dozens of other networks outside of the enterprise, all the while bypassing the types of security measures built for PCs and potentially exposing you to compromise.
Malware isn’t just a PC problem
To better conceal their activity, cybercriminals have taken to hiding malicious code inside mobile apps that are easily downloaded from app marketplaces. They can then use the malware to steal device information, track users, reconfigure the device, send content or carry out traditional malware functions. Of note, Symantec’s latest Internet Security Threat Report found that the number of mobile threats that track users increased from 15 to 30 percent in 2013, effectively doubling since 2012, perhaps an indication that this type of data is of more commercial value to cybercriminals.
Currently, most malicious code for mobile devices consists of Trojans that pose as legitimate applications. Also notable: in 2013 mobile malware seemed almost exclusively focused on the Android platform, and in the middle of last year remote access Trojan (RAT) toolkits began to appear for Android, which is likely tied to the widespread adoption of the Android platform.
A Secure Mobile Network
To ensure that your network is secure for BYOD, you need a combination of the right security, management and controls in place. Here are seven tips to integrate into your mobile security policy:
- Add security measures to your wireless network. Having a password or a security key helps keep unauthorized smartphones from accessing your wireless connection. You should also utilize encryption technology to protect the information transmitted through your network.
- Put a PIN or password on it. Employees who use mobile devices for business may carry sensitive company information on their phones. If the phone falls into the wrong hands, a PIN or passcode is the first line of defense. Encourage users to create a strong password and set the device to lock within five minutes.
- Examine app permissions. Apps have to ask for access to many features on your device, but many users don’t examine these permissions carefully, so malicious app developers find it simple to persuade users to grant unnecessary permissions. Educate your users about examining these app permissions before granting access.
- Regulate apps accessed on the network. If an application has a weakness, the app is easier to hack and it poses a threat to an organization’s security. Protect your company by developing a policy item to determine which apps can be downloaded or accessed via the corporate network.
- Lose it, lock it, wipe it. Download an app on your mobile devices that allows you and your employees to lock and wipe a phone in the case of theft or loss. Keep out prying eyes by remotely locking your device. If your phone is gone for good, wipe your data including contacts, text messages, photos, email, browser history and user accounts (like Facebook, Twitter and Google).
- Update, update, update. Make sure that employees get in the habit of updating apps as soon as they are prompted to. Software updates can include fixes to new vulnerabilities and exploited security gaps.
- Don’t let mobile security be your blind spot. With so much personal data on our devices and mobile malware on the rise, our mobile devices now need the same attention given to PC protection.