Smartphone Malware Is a Serious Threat
We all know how important it is to protect your desktop and laptop computers from malicious threats. Installing antivirus and security software is one of the first steps you take when you get a new computer, and for good reason. An unprotected device is at great risk. With that said, a lot of users don’t think about the threats that target their most-used devices, their smartphones.
Malware and other cybersecurity threats are not a new thing to smartphones and mobile devices, but they don’t tend to get the same attention as threats that target Windows. This might be because, for the most part, mobile device malware is a little less common, or at least a little less intrusive. That doesn’t make it any less of a problem though.
You might also feel a little less at risk simply because of your relationship with your device. Our smartphone is often with us day and night, at work and at home. Combine that with the fact that most users use their smartphones in a sort of echochamber, they might not be directly exposed to threats as often as they are on a PC. We’ll get to more on this shortly, but first it’s important to break down the risks based on whether you have an iOS or Android device.
Apple may tout iOS as being the safest mobile operating system on the market, but it has never been completely safe. The biggest risks are only a problem for users who have jailbroken iPhones, meaning they ‘hacked’ their own device to allow themselves to bypass Apple’s built-in security restrictions. If you haven’t done that, you are avoiding a lot of risk. The other risk, which is less common, involves a more major type of risk called a zero-day hack. Zero-day hacks target devices that haven’t received a security update after the security update has been released to the public.
The problem with iOS security is that there aren’t a lot of ways to prevent the issue, and you are really at the mercy of Apple to keep your device safe. They certainly want to keep their reputation, so trusting in them to do so isn’t invalidated.
Android is in a different situation. There are a lot more risks for Android devices, simply because there are many different manufacturers making and supporting the operating system. For example, Samsung uses a slightly customized version of Android, and if you have a Galaxy Note 10, you’ll get the latest updates to Android on a different schedule than Google’s Pixel.
Android is also more open and flexible than iOS, which is why a lot of users prefer Android over iOS. If you want to install an application that hasn’t been vetted by Google, you can. You can also jailbreak an Android device, which, similar to jailbreaking an iPhone, can override some of the built-in security restrictions.
Even installing apps off of the Google Play Store can sometimes lead to malware being installed. Google has had to play cat-and-mouse with app developers to keep threats off the marketplace, but it has become clear that it really comes down to the user being careful with what they install.
That isn’t to say you should abandon Android or restrict your employees from using Android devices to access company email or other apps. Many long-time Android users never experience malware - it depends on how you use your device.
How to Protect Your Smartphone from Malware
Rely on that Echochamber - We mentioned this earlier, but both Android and iOS feature their own app stores. Although Android devices can install applications that aren’t on the Google Play store, most modern devices make it a little harder to do so, or at least add an extra step warning users that it might put their device at risk.
If you don’t jailbreak your phone, and you only install applications that are thoroughly vetted, positively reviewed, and come directly from the Apple App Store or Google Play, you will greatly reduce the risk of infecting your device.
Don’t Get Phished - Many threats these days don’t even rely on infecting a certain device to get things going. Instead, they rely on the end user to slip up and make a mistake. Phishing attacks are a prime example of this. A user will get a legitimate-looking email from a bank, online store, or other common online account and be asked to submit their login credentials. This email is actually spoofed and made to look real, and upon logging in, the password will be sent to a cybercriminal instead.
Install Anti-malware - Most antivirus and anti-malware software providers have Android apps. It’s not a bad idea to have something running on your phone to help protect you.
Establish Device Security Policies - If you are a business owner and your employees use their personal devices to check email, review documents, and communicate for work, it’s a good idea to establish a mobile device policy. You can require users to enable device locking, encryption, and other security features. This gets set up on your network, and when they sign in to their email on their device, their device has to comply with your company’s requirements before they can get access to anything.
We can help you protect your company data, including helping you establish centralized mobile device security policies. If you want to learn more, don’t hesitate to give us a call at 607.433.2200.