Safety, privacy, and security still pose quite a bit of a challenge for mobile users. Even with some antivirus apps that exist on the market, there is little real protection from the booming mobile malware market. We normally have a few recommendations to protect mobile users who have business data on their phones that can keep them safe, but as with all cyber security, the user’s awareness is key.
Having a mobile AV (MAV) is a good first step, which can be provided by various vendors, which uses signature-based detection and heuristics if possible. The main problem with this is the mobile malware landscape is changing so quickly, it’s hard for AV vendors to keep up on the mobile front. This is mainly because for now, there is little profit to be made as MAVs are not widespread.
Besides that, protection comes in the form of awareness. Do not open unknown emails on the phone or even text messages as they can contain exploits. Limit web browsing to sites you trust and use adblocks when possible, because the new trend is malwaretising. Malware is embedded in ad-objects that execute when visiting a site. In addition, it is important to minimize the amount of apps downloaded, especially ones that require excessive permissions or “free” games, because if it’s free you’re not the consumer, you’re the product. Try to avoid connecting to untrusted WiFi networks as these can be used to spread malware, especially using man-in-the-middle style of attacks.
If an app is free, you are not the consumer, you are the product.
While harder for small businesses, it is still important to have a secure backbone to the infrastructure, such as an advanced email filter and a guest network for mobile devices. This can prevent phones from compromising the network, and being compromised by it. Email filters are important as well, especially blocking all Java attachments or disabling pictures, as these can contain malware that will run even on a mobile device.
