Web threats are growing at rapid paces, but there’s another threat that, while you may be familiar with it, you may not realize just how prevalent it is. This threat is malicious mobile apps (MMA). MMAs are apps that provide (or at least the developers claim to provide) some type of useful function for mobile users. When users download the app, they get more than they bargained for. MMAs can install malware that steals your information, tracks your actions and changes settings on the mobile device. As BYOD becomes more widespread, companies face the growing risk of MMAs infiltrating their system and stealing sensitive company information. In this article, we will be looking at the rising threat of MMAs in small businesses and some stats on how the small businesses are being affected by MMAs.
MMAs and BYOD
According to a recent survey and study from Webroot, 88% of all SMBs support tablets and/or smartphones for their company. The types of mobile devices that access company networks vary- 66% are mobile devices that are part of a BYOD program and 54% are personal or guest mobile devices.
The platforms that access company networks are led by iOS at 92%, Android at 83%, Blackberry at 51% and Windows also at 51%. Because of this, many MMAs are also found through legitimate app stores like Apple Store and Google Play.
In 2012, mobile malware families increased 58% and accounted for 59% of all mobile malware. Of all the SMBs surveyed, 76% believe the number of company-supported mobile devices will increase over the next 12 months.
Jailbroken phones can be a liability to a BYOD program. If a phone is jailbroken, it may not have all of the security features up-to-date on the device and it may be unable to be updated. Add that to the fact that 24% of mobile phones on a corporate network are jailbroken, and you can see the potential for disaster is there.
MMAs and information security
The types of MMAs vary, as do the actions that the MMAs perform. According to the Webroot study, 32% of mobile malware apps steal information, 15% track the movements of users, 13% send content and 8% reconfigure the mobile device.
Free apps are the perfect avenue that developers can use to pass on their malware. 79% of the top 50 free iOS and Android apps are associated with risky behaviors or privacy issues.
When it comes to the IT department, the outlook on MMAs is mixed. 25% of IT pros believe their security solution is not very effective (or not effective at all) at protecting against MMAs. 30% of IT pros are not even familiar with MMAs and 28% of them believe MMAs are not even a threat to their company. However, 73% of IT pros believe there will be more mobile threats to their network in the next 12 months, so the majority of IT guys do see the threat behind MMAs. But 74% of time, when an incident happens, IT is not even notified when a mobile device has been rooted.
For companies that have a BYOD program, an effective network security system is critical. A non-effective security and monitoring system can open up the door to malware from MMAs which can result in loss of data and stolen data. Both of these results can have disastrous consequences. Confidential client information, sensitive company information, financial records, contracts, and many other types of confidential information can be stolen and used for monetary gain or files can be simply deleted.
Why cloud backup is the solution to the growing MMA threat
Malware from MMAs can infiltrate your company security system, which can steal information and allow the attackers to have access to company accounts. Once an account has successfully been breached, sensitive and important data can be stolen or deleted. Data loss can be detrimental to a company and can be a huge setback if documents and other files must be created again. Contracts will have to be rewritten and re-signed by clients, contractors, lawyers, etc. Client information may just be gone forever if you are unable to retrieve it. That’s why it is critical that all SMBs have some form of cloud backup solution such as cloudHQ in place.
The cloudHQ service works by performing replication from one cloud provider to another. So as an example, we’ll say that your company uses Dropbox as its main cloud account provider. But if an MMA is able to sneak in through your BYOD program and allow an attacker access to the Dropbox account, all company information stored on that account is vulnerable to being deleted and lost. But cloudHQ can provide automated backup from the main cloud account on Dropbox to another cloud account, let’s say the backup you choose is Box.
The backup cloud account on Box will have completely separate authentication measures from any other company account. This ensures that if an attacker is able to access the main cloud account, he will be unable to access the secondary account.
CloudHQ runs non-stop in the background, invisible to users so that there is no disruption to business activities and employee BYOD tasks. But the cloudHQ continues running, constantly replicating all data changes. If a new file is added to the main company account on Dropbox, it is instantly replicated to Box. Also, if any revisions are made to existing files in the main company account on Dropbox, the changes are instantly replicated to the backup account on Box. If an incident was to happen, restoration is quick and easy and business downtime will be minimal. CloudHQ is the leader when it comes to cloud backup, successfully backing up and protecting millions of files for small businesses each day.
The cloudHQ motto states- Don’t put all your eggs in one basket. Don’t be the small business owner or officer that doesn’t find out what a great service cloudHQ provides until a data loss incident occurs. Once it’s too late, your data could be gone forever. Protect your company data from malicious mobile apps now by signing up for the free 15 day trial from cloudHQ.