Keeping Your Business and it’s Mobile Devices Safe From Malware Attacks
Recent industry reports from cyber security firms such as McAfee and Kaspersky Lab have identified that mobile malware attacks are becoming increasingly widespread and more sophisticated.
Most business professionals use smartphones these days. These devices are basically small computers and can be infected with malware in a similar way to a PC – usually through malicious links or attachments sent via email. As people are now using smartphones to access corporate email accounts, make online payments, etc. there is an increased risk for businesses. Another risk exists where an employee’s device is hacked and the firm’s passwords and remote access logins are stolen. This can allow hackers to get inside a businesses’ firewall and spread malware to computers across the company network.
So, what should businesses do to protect themselves? Mobile antivirus tools can help to a degree and all company data should be backed up regularly. That said, it is more important to teach your employees the basics of mobile security to eliminate putting themselves or the firm at risk in the first place. Basic training can involve teaching your employees how to identify suspicious emails and to avoid clicking on potentially dangerous links on their smartphones.
Fake apps are another serious risk. Cyber criminals often design apps that imitate legitimate apps or they might offer a game or utility app for free. In order to minimise this risk, your firm should create and publish an internal list of approved apps. All employees that use company devices should receive regular communication regarding which apps are approved for use on company devices. It should also be made clear that no other apps can be installed on a company device without express permission from the relevant person.
Nasstar also advises: “This is where mobile device management platforms can help. You need to be considering:
- Strong data encryption — a rarity in being named in the GDPR, so it really is essential
- Remote wipe capabilities
- Device password protection
- Regular back-ups
- Centralised management
- Regular over-the-air software updates
Alongside cybersecurity training and awareness programmes and cyber-insurance for those devices, you should now have the makings of a decent mobile security strategy. It will also need to be adaptable enough to change over time. If there’s one thing we can be sure of, it’s that the nature of mobile threats will change.”
Finally, your firm should have monitoring tools in place, which check for signs of unusual activity on the network, such as remote logins from unfamiliar IP addresses, large files moving out of the network over email, etc.
For further information on IT Security, please contact Richard Bacon on 023 8046 1255.