Historically the business world didn’t put much of a focus on mobile cybersecurity. Smartphones weren’t often used for business-critical activities, and as such were often deemed ‘secure enough’.
But in recent times the role of the smartphone has changed dramatically. The technology has improved to the point where even a basic model is now capable of completing pretty much any business task. COVID-19 then struck, forcing remote workers to become more reliant on their handsets.
As the business use of smartphones has increased, so too have mobile malware threats. Check Point found that cyberattacks targeting smartphones increased by 50% in the first half of 2019 when compared to the same period in 2018, and the company predicts attacks to surge further. It makes sense from a threat’s perspective: more use equals more opportunity. So what is mobile malware, and how do these attacks work?
How do mobile malware threats gain entry?
While iPhones are not 100% secure in terms of malware, the reality is that the more open Android system is comparatively susceptible to attack; particularly at a time when many organisations are instituting bring your own device (BYOD) policies. This effort to cut costs sees a company relinquish much of its control over handset security.
The most common malware attack vector is via the app store. A user downloads a seemingly legitimate application, only for it to infect their smartphone. Despite Google and Apple screening all applications, in 2018 0.04% of Google Play apps contained malware, while 18 such apps were taken from Apple’s store late last year.
Malware isn’t limited to app downloads however. Other attack vectors include:
- Phishing emails or messages
- The use of unsecured or public WiFi
- Inherent system vulnerabilities
How do mobile malware attacks disrupt a business?
In each of the cases listed above, malware is unintentionally or unknowingly downloaded onto the smartphone, opening it up to data and system security breaches. If a device has access to business systems, a single piece of malware on a single smartphone could jeopardise your entire operation.
Malware – a portmanteau of malicious software – can act in a variety of different ways. It could be designed to spy on businesses, to steal, lock or corrupt data, to damage a device, or to generally cause a mess. It could do so through spyware, ransomware, trojan horses, viruses, worms, botnets, adware or a heady combination of them all.
Malware can disrupt your business in a diverse number of ways, costing you millions while also being a PR nightmare. A telemarketing company of 300 people recently had to shut its doors because of a malware attack, while a global aluminium producer coughed up US$71 million in the fallout of a 2019 attack. Such is the impact of these attacks that a 2017 report by Malwarebytes found that ransomware shut down one in five small businesses that it hit.
How to protect your business from mobile malware threats
How then does a business protect itself against such a serious and omnipresent threat, particularly if they have remote workers using BYOD Android smartphones for business purposes?
Education is key. Reassuringly almost all malware attacks are preventable, so giving your employees a clear set of security guidelines to follow can ensure that you’re minimising your vulnerability.
- Only install legitimate apps: Ensure you download all of your apps from trusted sources – use a link provided by the app creator to find the app in the app store. Check user reviews to ensure that the app is well-established and well-reviewed. Never download an app through a link provided by an unknown third party.
- Use secure WiFi: Password protected WiFi will ensure third parties can’t gain access to your device like they can over an open network.
- Don’t get hooked by phishing: Email remains one of the most common attack vectors for malware threats. Never click on a suspicious link in an email.
- Install protection: Install anti-virus software and run it regularly on your device.
- Never jailbreak your device: This can open it up to attack, particularly as you will miss out on automatic security patches and updates.
- Set your device to automatically update: This ensures the latest patches will be updated on your device.
While it’s true that the threat of mobile malware will only increase as business smartphone use continues to rise, there are ways that an organisation can minimise its vulnerability. A business must be proactive in ensuring its employees know what and what not to do.
Unless it wants to become yet another mobile malware threat statistic, an organisation should treat malware as the very real and present threat that it is.
Another topic we wrote about recently was on ransomware attacks and how to protect your business. You can read more on this blog here.