Top BYOD security risks and mitigation strategies: Mobile malware, missing devices

Apr 09, 2015

2015-04-09 Mobile Devices.jpgThere are a number of security considerations that business administrators must make before rolling out a company-wide BYOD strategy. Without the proper planning and protection measures in place, such mobility initiatives could become more of a headache than a benefit. Today’s decision-makers are always hearing about high-profile data breaches, and no doubt worry that their enterprise could be the next victim. This puts an increased focus on employees’ mobile activities as supervisors and executives work to ensure that these processes aren’t putting their firms at risk of a cyberattack.

However, when it comes to fear of BYOD security risks, there is one effective strategy to help reduce these concerns. When company leaders have a full understanding of the current environment – including the top issues affecting mobility strategies – they can plan for these events before they happen. Today, a number of organizations are exposed due to two problems: mobile malware and missing devices.

Mobile malware consistently increasing
To nearly no one’s surprise, the recent McAfee Labs Threat Report found that mobile malware is on the rise. According to Forbes, this is the fifth quarter in a row where these findings have been confirmed, illustrating an overall pattern in the industry. As more workers leverage their smartphones and tablets for work, the platform becomes increasingly attractive to hackers looking to snoop and steal valuable enterprise information. However, businesses are responding to this pattern as well.

“The one shining light is that we’re focusing on the mobile network,” said McAfee EMEA CTO Raj Samani. “Criminals are focusing on the mobile platform. We’re going to see more issues with regards to malicious applications.”

As the report outlines, however, it’s not only business applications that can put a mobile device at risk. McAfee recently found a considerable number of cloned apps, specifically those piggybacking off of the popularity of “Flappy Bird.” The report states that out of the 300 “Flappy Bird” look-a-likes studied by the security firm, 238 of them contained mobile malware. When a device is infected, all the content housed or accessed from it is put at risk.

According to the report, the “Flappy Bird” clones came with a range of malicious capabilities built in, including the ability to make calls and send SMS messages without the user’s knowledge, and install other apps without the device owner knowing. These malware-laced apps can also read contact lists, extract GPS location information and send user activity data to third-parties.

In order to mitigate threats of this kind, business leaders must focus on putting protections in place that will fight off these issues. Every BYOD-supported device should be equipped with monitoring software to alert users of any suspicious activity, such as that described above. Additionally, administrators should provide safe platforms for sensitive activities to take place, including a secure file sharing program.

The issue of missing devices
Another problem decision-makers must face is when an employee finds that their BYOD-supported mobile device has been lost or stolen. While challenges like this are bound to happen, they occur more than many would believe.

A Lookout Mobile survey found that a surprising number of smartphones are lost on a daily basis – $7 million worth, to be exact, TechnoBuffalo reported. Many of these devices go missing during the holidays, with $14 million worth lost on New Year’s and $11 million lost at Christmas. The result is an estimated $30 billion in losses, as employers scramble to secure data stored on these lost endpoints.

Stolen devices are also a widespread issue. The Daily Ticker noted that there are 10 cities where smartphone thefts are more prevalent, with Philadelphia, Seattle and Oakland topping the list.

With remote device wiping capabilities in place, however, this becomes less of an issue. Yes the employee has to replace their stolen device, but at least the company’s highly-sensitive materials are secure.