We at Metacompliance have enjoyed celebrating European Cyber Security Month (ECSM) 2016. For Week One of the campaign, we discussed how users can stay safe online. We then went to the workplace and provided tips on how organisations can enlist their employees' support in creating a security culture. After that, Week Three led us into the dark world of cybercrime, where we talked about how users can protect themselves against bad actors.
For the fourth and final week of ECSM 2016, we go mobile and highlight some important ways by which people can prevent and defend against a mobile malware infection.
Legitimate app marketplaces like Google's Play Store and Apple's App Store scan new applications for malware before they are approved for public release. The same cannot be said of many third-party websites, where anyone can upload an app regardless of how fake or malicious it is. As a result, users should always download apps only from the official app marketplaces available on their mobile platforms.
Just because an app is available on the Play Store or App Store doesn't mean it's legitimate. It might just mean its authors used sophisticated techniques to hide their malicious software. Fortunately, while those tactics might evade detection by an automated virus scanner, they often make themselves known to the user in the form of suspicious or unexpected behaviour.
With that being said, people should make an effort to read an app's reviews before they go ahead and download it. If anyone has seen any malicious or suspicious behaviour, they've likely posted a comment about it in their review.
In the event of a newly released app, sometimes a user might not be able to rely on other people's reviews to protect themselves against mobile malware. That's why they should carefully read the list of permissions requested by any app before they download it. For example, if a simple stopwatch app requires access to a phone's stored contacts, phone, SMS messages, location, and camera, the program is probably not what it advertises itself to be.
Whenever users connect their devices to a public Wi-Fi connection, they expose themselves to malware, data theft, and man-in-the-middle (MitM) attacks. They can defend against those threats by installing a number of tools onto their devices. One of those should be a VPN, which establishes a secure connection when users go online and thereby helps to protect their information from being stolen. They should also install a mobile security solution that is capable of actively scanning their devices for malware.
No matter what kinds of defences you put in place, sometimes a crafty piece of malware makes it onto a device. Malware comes in many different forms. One of its most notorious manifestations is ransomware, a type of program that encrypts users' data and demands that they pay a ransom in exchange for the decryption key.
Ransomware is a growing threat on personal computers and mobile devices alike. To protect against encryption-based malware, users should back up their information on a regular basis. Doing so won't protect them against an infection, but it will allow them to restore their data for free if they ever happen to cross paths with mobile ransomware.
Like most things in digital security, defending against mobile malware is all about how users approach their phones and what types of behaviour they're inclined to follow. Some people might have bad habits, especially when it comes to how they use their devices at work. But they can learn better ones with the help of their organisation.
Are you interested in helping your employees protect against mobile malware at the workplace?