Skip to content

Preventing mobile malware attacks

Mobile malware is malicious software created specifically to attack mobile devices, such as smartphones and tablets, with the goal of gaining access to private data.

While mobile malware is not currently as widespread as malware that attacks computers, this is a growing threat because many companies currently allow employees to access corporate networks via personal devices, potentially bringing unknown threats to the environment.

Here are some recommendations to prevent a malware attack on your mobile devices:

1. Protect your device as if it were a computer

It is important to recognize that a mobile device is a computer and, as such, applications or games can be malicious, and it’s always recommended to check the source. A good practical rule: if an application is asking for more than what’s necessary, you should not install it.

2. Pay attention to the security of WI-FI networks you use to access data

In general, Wi-Fi networks are insecure. For example, if a user is accessing corporate data using a free Wi-Fi connection at an airport, the data may be exposed to malicious users who exploit wireless traffic at the same access point. Companies should develop acceptable usage policies, provide VPN technology, and require users to connect via these secure means.

Everything you should know when using a VPN.

3. Establish and enforce bring-your-own-device (BYOD) policies

BYOD can be advantageous for users and businesses but may result in additional risk. Ask yourself: How can I control a device owned and managed by a user that requires access to my corporate network? Employees are often the best defence to combat the theft of confidential data. Employees using their own mobile devices must follow policies that keep the company in compliance with regulatory requirements.

4. Keep your device’s operating systems up to date

That sounds easier than it really is. In the Android ecosystem, updates can be blocked in several ways: by Google (which updates the operating system); by the manufacturer of the device (who may decide to release updates only for the latest models); or by the mobile operator (which may not increase the bandwidth on your network to support updates). Without the ability to update the Android operating system, your device is vulnerable to possible exploits. Search mobile operators and manufacturers to find out which ones provide updates, and which don’t.

5. Encrypt your devices

The risk of losing a device is still greater than the risk of malware infection. Protecting your devices by fully encrypting them makes it very difficult for someone to hack into and steal the data. Setting a strong password for the device, as well as for the SIM card, is mandatory.

6. Make sure applications are from trusted sources

Popular shopping sites, such as Amazon or eBay, have their own mobile apps. If you want to use these apps, make sure they’re the company’s official apps before you start downloading. This can be done by checking developer information and user reviews on the download page. Do not install applications that are not in official stores.

7. Create a strong password

Users can create a strong password on their smartphones. If a password attempt fails a certain number of times, the phone will be locked, disabled, and in some cases all data will be erased

8. Be wary of text messages

Text messages are an easy target for mobile malware, so it is advisable that users do not send sensitive data, such as credit card details or important private information by text.

9. Check your browser for the padlock symbol

The padlock icon in the browser’s address bar indicates that you are on a secure connection from an encryption standpoint. Check for the padlock when entering personal data, such as your address or payment information, or sending e-mails from your smartphone’s browser.

10. Check the permissions of installed applications

Sometimes we give access to the camera, microphone, photos, or location, and other features to an application that temporarily needs that access, and we never remove it again. You can and should check regularly which applications have access and if you need to disable them and remove them. For example, instead of giving an app permanent access to your photos, you can choose to share that image from the photo manager for that app. This way, the app will only have access to photos that are shared with it. Location access can also be limited to only when the application is running, thereby reducing the risk of exposure.
New call-to-action