BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
With cybercrime on the rise, smartphone malware protection is more important than ever for organizations whose workers rely on mobile devices.
Cybercriminals have adapted their traditional methods for smartphones, using malicious email and text message attachments to introduce malware. They’ve also come up with new ways to thwart smartphone malware protection, such as by disguising malware as legitimate software available in app stores. These attacks will only become more frequent and sophisticated, so IT must take every step possible to ensure users have smartphone virus protection against current and future threats.
Smartphone malware protection steps
Educate users about the potential risks of malware. Training mobile employees on smartphone malware protection is one of the most important things IT can do, because mobile users are the first line of defense. Keep them up to date on malware attacks and emphasize the importance of common sense in everything they do with their smartphones.
Implement policy standards and enterprise mobile device security best practices that are easy for users to understand. Users should employ a passcode, encrypt data, not jailbreak devices, disable Bluetooth when not in use, implement remote wipe and download only enterprise-approved apps.
Require malware protection on all smartphones for which such software is available. It doesn’t matter what kind of smartphone malware protection users have on their phones, as long as the protection is there. You’re not likely to find a product that covers every version of every phone, but most companies are rushing to cover the recent versions of the major players in the smartphone market.
Implement secure communications for smartphone users who access the corporate network remotely. They should always do so through a virtual private network (VPN). Most smartphones come with a built-in VPN client or can run third-party clients that ensure secure access to network resources. If users access the corporate network directly via a wireless connection, that network should be encrypted and authenticated with the Wi-Fi Protected Access 2 Enterprise protocol. Without smartphone malware protection, cybercriminals can intercept Wi-Fi or Bluetooth signals, then crack passwords, redirect data or control a device remotely.
Implement a mobile device management (MDM) program that allows admins to remotely control passcode policies, app installations, device functionality, Internet access, privacy and security. Even if your users have different kinds of smartphones, IT can develop a successful mobile device management strategy. In addition, consider that app stores can help support application deployment.
Use Microsoft Exchange ActiveSync as part of your smartphone virus protection regimen to secure email, calendar, contact and task data. ActiveSync can also enforce password restrictions, implement security policies, set inactivity times and perform remote wipes.
Why you need smartphone malware protection
So far, Android has received the brunt of the malware and Web attacks against smartphones, primarily because the Android Market’s policy places fewer restrictions on developers than do other app stores. Last year, for example, a strain of the Zeus Trojan, designed to steal online banking credentials, was hidden in a rogue banking app.
Other smartphone vendors require that apps go through a vetting and certification process before developers can upload them. But an app store can provide only so much smartphone virus protection. Last year, for example, the website Jailbreakme.com used a weakness in iOS to let users jailbreak their devices. Attackers could have used the same vulnerability for malicious reasons, but Apple later patched iOS to prevent that from happening. Jailbreaking can also make smartphones more vulnerable, because it overrides devices’ internal controls and protections.
Future smartphone malware threats
There’s no way to predict the future of smartphone malware, but IT should take precautions that will help protect devices now.
More on smartphone malware protection
Mobile device security policies: Asserting control over mobile devices
Mobile device security overview
Handheld and mobile device security: Mobile malware, breach prevention
The biggest challenge of smartphone malware protection for admins will be the mobile workforce itself. Employees use smartphones because the devices are flexible, versatile and convenient, and they won’t like changes from IT that threaten their smartphone freedoms. Plus, most smartphone users pay for their own devices. When the business doesn’t foot the bill, your job as an IT admin becomes much more difficult.
But smartphone malware poses a significant risk to the enterprise, and you can’t ignore this threat. Otherwise, it’s only a matter of time before sensitive data and network resources become victims.