How to protect mobile devices from malware in the enterprise

What is mobile malware?

Mobile malware is malicious software that is specifically designed to target mobile devices. It can be used for various malicious activities, such as stealing personal information, tampering with device settings or sending phishing messages. For example, mobile malware infections can occur when users download suspicious apps from untrusted sources, visit malicious websites on their devices or click on a text message that is a phishing scam. Hackers can also use mobile malware to track user activity and location data, display unwanted advertisements and steal any confidential information stored on a device.

Factors that increase user risk of encountering malware include jailbreaking or rooting the device and downloading third-party apps from untrusted and unknown sources. To protect their privacy and personal and corporate information, users must take extra precautions when downloading apps, visiting websites and connecting to public Wi-Fi networks. Security measures such as regularly updating mobile OSes and avoiding downloading questionable content can also help reduce the risk of a successful attack. Additionally, end users should receive cybersecurity training so they know how to identify any suspicious activity on their devices -- especially phishing attempts against SMS and other messaging clients -- and report it to their security team.

How to protect mobile devices from malware in the enterprise

The security risks posed by mobile malware can be daunting, but there are steps organizations can take to reduce their risk exposure and protect their employees' mobile devices.

The most important strategies to help protect against mobile malware include comprehensive mobile device management (MDM), mobile threat detection and security awareness training.

Mobile device management

MDM software enables businesses to manage and secure their mobile devices. With MDM, IT admins can enforce policies, monitor usage and securely deploy applications across an entire fleet of devices. An MDM's goal is to help provision and manage corporate data and help prevent unauthorized access, all while allowing employees to use their mobile devices for work purposes.

With mobile threat detection, organizations can identify malicious activities in real time and respond quickly to any detected threats.

Implementing MDM helps ensure that only authorized applications and settings are allowed on employee-owned devices. It also enables administrators to manage data remotely, delete data if a device is lost or stolen and monitor user activity for potential threats.

Organizations can use MDM to set and enforce the following policies as part of a strong mobile defense approach:

• Conditional access policies to implement zero-trust strategies, which include allowing or blocking access based on attributes such as device trust, location and network.
• Data loss prevention (DLP) policies to limit whether data from managed apps is visible to unmanaged apps.
• Mobile security policies such as blocking the installation of apps from unknown sources on Android devices and using Google Play Protect.
• OS update policies to ensure devices are running the most up-to-date versions.
• Application allowlists or blocklists to limit the apps that users can install on a device.
• This method is manual and, due to the number of apps and app versions, could leave an admin with loopholes. IT teams should consider it as a strategy to implement along with the above policies and security recommendations.

Mobile threat detection

Mobile threat detection is a form of cybersecurity that focuses on detecting, analyzing and responding to malicious applications and other threats that target smartphones, tablets and other mobile devices. It monitors the behavior of installed apps and can alert users and IT administrators if it detects anything suspicious or malicious. With mobile threat detection, organizations can identify malicious activities in real time and respond quickly to any detected threats.

While MDM tools can support mobile security by enforcing encryption and policies such as DLP and conditional access, they do not have insight into suspicious network activity or how an application behaves, and they can't prevent phishing attacks. However, many mobile threat detection tools -- including Lookout, Zimperium and Microsoft Defender for Endpoint on Android and iOS -- have integrations with MDMs to tell the MDM to create a compliance or quarantine policy based on the threat level being detected. By supplementing MDM with mobile threat detection, IT can scan for malicious files and apps, block potentially dangerous websites and applications and ensure real-time protection against new threats.

Security awareness training

End users also play an essential role in keeping devices secure. Employees should be aware of practices that can put them at risk, such as downloading apps from unknown sources or clicking on suspicious links. Organizations can provide cybersecurity training, which should cover how to recognize and respond to suspicious emails or websites, along with other mobile security recommendations. Some best practices to share with users include the following:

• Use strong passwords.
• Avoid unsecured Wi-Fi networks.
• Avoid downloading untrusted apps.
• Use only official app stores such as the Apple App Store and Google Play Store.
• Keep software up to date and install security updates when available.

In addition to training, organizations should provide explicit guidelines to users regarding actions to protect themselves and the network from malware threats. Establishing clear usage policies for employees using their personal and work-issued devices can also help reduce security risks associated with malware attacks.