Since the digital revolution and the uptake of personal computing, viruses have always been a thorn in the side of IT administrators worldwide. As the majority of users have moved from desktop consumption to mobile, hackers have also turned their attention to where the most use is; as a result, traditional viruses, malware and phishing attacks are proving more successful in the mobile space.
The Rise of BYOD
Companies that have ‘bring your own device’ (BYOD) policies are uniquely challenged as it can be hard to protect an employee’s own personal device, compared to supplying pre-secured equipment where preventative measures can be added before a device first connects to the internet. However, there are revenue and resource costs attached to this; the initial cost can be prohibitive and ongoing maintenance and management costs aren’t the only expenses that are worth bearing in mind.
Phishing attacks, where emails appear exactly like a service provider’s emails and then redirect to an unsecured website that prompts victims to enter sensitive data or download a compromising program, are presenting a challenge to IT managers and service providers globally. These are hard to protect against, as the failing point relies on convincing an unsuspecting victim that the email is genuine, and graphic design tools are easier to use than ever. Admins can block most emails from arriving in hosted inboxes, but personal devices may have other email addresses which are much harder to guard against, and once the attack has been successful, the damage has been done. The hacker could use the vulnerability to track passwords used on the phone and then gain access to the business’s network from there.
The use of firewalls, active monitoring, GPS tracking and remote wiping facilities, as well as encryption, can all help to prevent these attacks from taking hold across a network; but there is no one-stop answer. Even the most secure of networks can be breached through human error or brute force, depending on a hacker’s route of access.
Whilst we try to be as hardware agnostic as possible, the truth of the matter is that it’s much harder to protect Android devices than Apple’s, as Apple’s App Store has much stricter guidelines on user privacy and all apps are checked for malicious intentions before becoming available to download, making it almost impossible for iOS users to download a virus.
The Google Play Store’s global reach, lack of auditing and sheer availability, due to its open source nature, provide a Wild West scenario for users where cheats and ne’er-do-wells can advertise that apps do one thing while capturing data or private information without the user knowing.
The Human Element
As before, firewalls and active monitoring can help safeguard against malicious apps; however, phishing attacks are still rife no matter the platform, so educating staff on best practices is the key to mitigating the human-based risk.
Password best practices (using combinations of letters, numbers, uppercase and special characters) will help prevent unwanted access, and training on detecting phishing scams, unscrupulous apps and general data security will reduce risk.
In addition, biometric authentication is becoming harder and harder to trick; Apple’s Touch and Face ID systems, as well as Windows Hello, all offer an added level of security by checking hard-to-fake idiosyncratic physical attributes like fingerprints or face structure to identify authorised users instead of passwords, which may be simple to guess.
Ultimately, there is no magic wand that can eliminate the dangers of doing business on-the-move, but robust practices and educating your teams can go a long way to minimising a business’s exposure to mobile threats.
BYOD strategies add an extra level of complication, but in a world where business and personal lives are merging into one, these will need to be addressed no matter what. Therefore, ensuring security policies are up to date and in line with growth strategies will help to protect businesses in the coming years.