Don’t Let Company Data Get KO’d By Mobile Malware

Mobile malware threat

On Saturday night, the Mayweather McGregor bout is expected to gross $500M plus on pay-per-view alone. That would put in the same league as the all time top ten grossing movies in the US. Hence they’re calling it the ‘money fight’. Using the word ‘fight’ is stretching it a bit given only one of them is a boxer. What exactly can McGregor do to at least get to the second round is anyone’s guess. And that’s what’s so appealing about the fight. Were he to win, it would go down as one of the greatest fights of all time and secure the Irishman a position in boxing legend. Even non-boxing fans can’t help getting swept up in the hype.

Nothing for free

As well as being one of the most lucrative sports events of all time its also likely to be one which sets records for illegal streaming. With pay-per-view prices of close to $100 lots of people are going to be sorely tempted to find ways of getting access for free. Others will be driven to use illegal streaming apps because, for territory or platform reasons, they have no legal alternatives…

A quick Google search on your mobile yields any number of sources to watch the fight. And this desire to access content outside legal channels will inevitably lead some of your mobile users to change the settings on their phones to to allow downloads from sources other than the approved app store. By doing this they will immediately expose your organization to a dramatically heightened risk of malware infection. They will have heedlessly changed the security posture of their device leaving the enterprise vulnerable. The risk doesn’t just relate to the dodgy streaming app they download to watch the fight: once they allow downloads from ‘unknown sources’ there will be an ongoing risk of infection.

How can the enterprise defend against this threat? We recommend two steps: employee education and real-time monitoring of device settings and activity.

Prevention through education

The best security in the world can’t help your company data if your employees don’t know how to recognise and avoid a threat. Your company should have clear rules for what employees can install and keep on their work phone. Make sure they understand and abide by these rules. Sideloading apps can open security vulnerabilities in your network. All employees need to be educated on social engineering, phishing attacks, downloading suspect files and the need to keep device software up to date.

Protection through observation

In addition you need to have a system in place to alert your info security when an employee has changed the security settings on their phone and a procedure to ensure the correct settings are reapplied. Using your MDM to quarantine misconfigured devices it a step worth considering. Even better to use Corrata to monitor all traffic to and from the device and immediately identify and block any suspicious domain or IP.

So, keep up the good fight. Don’t get sucker-punched by mobile cyber criminals.