Mobile Malware

Wanna Cry caused a bit of a stir over the last month, and it's just the latest in a never ending series of Malware threats that crop up from time. A question we get asked quite often is 'Are our Smartphones at risk?', and the answer to this is undeniably yes, but with some understanding of what the risks are and how to minimise your exposure, it's not something that needs to keep you awake at night.

Firstly, how do they work?

Most virus', trojans or malware programs work by leveraging what are known as vulnerabilities in an operating system, an application or a program. When you consider that even a basic Mobile Operating System consists of millions of lines of software coding instructions, a simple error in one of those lines is all it takes for one of these threats to infect a device. Once they're in, they can then work their way through the system until they get what they're looking for.

Second, how do you get them?

This is usually where the programs, and you come in. Most of these threats are unable to infect your devices without your help. Typically they will try to trick you into opening a file or program that contains the malicious code by pretending to be something that they are not, or offering you something tempting like free movies or games.

Third, what do these people want?

Many of the authors of these threats originally started creating these threats for notoriety, some did it as a form of social disobedience. Unfortunately, many have now seen this as a way of making money and there are businesses around the world that can make a couple of dollars from selling the details of everybody in your address book or the detailed information of where you go on the internet. Lately as with Wanna Cry, they will try to hold you to ransom by encrypting your files and threaten to delete them if you do not pay.

So how do you keep yourself safe?

Firstly, keep your software up to date. Device manufacturers often fix these vulnerabilities and release software updates to the mobile devices, but even today very few people will update their devices unless they are told to do so. As a business, it is your responsibility to ensure that your Operating Systems, applications and services are kept up to date and working.

Secondly, there is no such thing as a free lunch. Don't download free applications from anywhere except the official stores. Don't use free USB charging stations when you can't see the actual charger, and avoid the use of free Wi-Fi networks.

Third, don't get duped. If you get an email telling you that there is a problem with an account you use, don't follow the links in the email, go to the official website and check for yourself. You'd be amazed how detailed some phishing scams can be in replicating websites of Banks and Software packages.

There are of course other ways of minimising your risks as well. Proxy your devices internet traffic through your own firewalls and Anti Virus scanners, deploy Intrusion Protection applications to your Mobile devices, block services and features of the devices themselves to stop the users installing applications, but nothing comes close to educating your staff of the risks and putting policies and controls in place with your Mobile Device Management software.