When Google released Android 4.2 in November, many people cheered the announcement of a new security feature called “application verification service.” The service, which scans app downloads for suspicious code, was purported to bring the Android marketplace closer to Apple’s model for security. However, a new study claims the Google AVS is only effective in stopping 15% of known malware threats. This is a scarily low number for IT departments who have been grappling with enterprise mobility security and the increase in BYOD initiatives.
BYOD, or Bring Your Own Device, refers to companies who allow their employees to use and access company networks and information using their own mobile phones, tablets, or laptops, rather than company owned and managed devices. This setup, while especially attractive to employees who like to purchase the latest tech gadgets, can present a lack of control for IT departments concerned with security. A smartphone infected with malware could potentially be used to capture sensitive corporate information. A lost or stolen tablet without the proper security could potentially be used to access secure corporate networks.
IT departments, if they haven’t already, need to make enterprise mobility policy their top priority for the new year. The first decision will need to be whether to employ BYOD, or if company issued devises would be more beneficial for the company. While some industries, such as stock trading, still lend themselves towards the latter, most IT researchers believe BYOD will become the norm. In determining policy, Gartner IT advisors recommend, “Enterprises should focus on mobile data protection (MDP), network access control (NAC), and mobile device management (MDM) tools to support their BYOD and new enterprise mobile platform efforts.” Mobile data protection means using a secure mobile data transfer solution such as EFT Server to let users conveniently and securely access sensitive data. A solution like this also maintains control over network access though encryption, authentication, and detailed reporting. Mobile device management means that IT departments should be prepared to manage and support a wide range of devises from smartphones and tablets to laptops. Employees who purchase these devices may not have the skills or knowledge necessary to use or set them up properly, so it is in the best interest of corporate IT departments to educate and support users on best practices for safety and security. Companies will also want to plan for decommissioning, or wiping clean, old devises when new purchases are made. Employees need to know what to do to make sure company data is removed from the phone before passing it along or turning it in for recycling.
The amount and types of mobile malware attacks have increased exponentially in the last couple of years. This trend is fueled in part by the increasing popularity of BYOD. The information currently stored and accessed by mobile users is tantalizing to criminals who exploit weak security to reach contact information, passwords, bank account data and much more. Make sure your company has a strong enterprise mobility plan in place. Educate your workforce on proper security protocol. Keep up with the latest data and best practices to keep your corporate data secure.