Quick Hits

Strategies For Fighting Mobile Device-Borne Malware

Bad guys are increasingly targeting mobile devices as a means of penetrating your corporate data. Here are some tips that might help you stop them
[Excerpted from "Stop Mobile Device-Borne Malware," a new report posted this week on Dark Reading's Mobile Security Tech Center.]

Worried about the risk posed by malware on the mobile devices your employees use? You’re not alone.

In the 2011 InformationWeek Strategic Security Survey, 70 percent of 1,084 respondents said mobile devices, such as smartphones and tablets, present some level of threat to their company. Fifty-nine percent said they worry that an infected device may connect to the corporate network, and 37 percent fear malicious apps downloaded by users.

But you’re OK if you don’t provide corporate devices and you ban personal devices from accessing company resources, right?

Wrong. Corporate information is still going to end up on those personal devices. Users may forward sensitive information from their work email accounts to the personal accounts they use on their mobile devices. Or they might use cloud-based note-taking applications to track to-do lists or to take notes during meetings or phone calls. One way or another, the data will end up on the devices, so it makes sense to be prepared for mobile threats, no matter what your company policy on the devices.

So how does malware get onto a mobile device? It is almost always tied to some free game or utility, such as those that back up SMS messages or allow users to modify wallpaper or the screen color scheme. Even if freeware is not designed specifically to be malicious, it can still cause harm due to included advertising.

How do we fight back? Education and the development of clear policies around the use of mobile devices are the first steps. IT staff members need to learn more about the security issues and malware that affect mobile devices before they can effectively protect against those threats.

Education is also key to being able to advise management on policies needed for both protection of corporate resources and awareness efforts for users. End users must be trained in the risks involved in using mobile devices, especially when relying on the same devices for business and personal use.

To get detailed recommendations on how to prevent mobile malware infections -- and to learn how to get the most out of the emerging class of mobile device management (MDM) tools -- download the full report on mobile malware.

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message