Implement Malware Savvy Mobile App Policy
As more personally owned smartphones and tablets infiltrate the workplace, IT pros are having to develop company policies for mobile applications. Most IT shops have managing email down, but when it comes to assessing the risks associated with mobile apps, it can feel overwhelming. Malware especially is a rising threat. That's why it's important to take the time to develop an effective mobile app policy for the bring-your-own-device crowd. Follow these tips for a good start.
-- Base it on your corporate policy. BYOD policies tend to be slapped together with not much thought behind them. A hurry-up job is the wrong way to go about deploying a BYOD program. Start with the policy for your corporate-owned phones, which is probably well-established and has withstood the test of time, and expand it for BYOD with the specific needs of your organization in mind.
-- Recognize the malware problem. As more apps are deployed into the enterprise by way of smartphones and tablets, the possibility of malware increases. According to mobile device management software company MobileIron, mobile malware is on the rise. Types of malware attacks include SMS or phone dialing for premium-rate fraud; data stolen or destroyed via Trojans and viruses; operating system exploits to root or disable the device; and stolen credit card information through the use of key loggers.
Apps in the iOS platform often are "sandboxed" so they are harder to penetrate. However, malware still can make its way onto devices--through websites, email attachments, and ringtones. It can creep in through text messages or Bluetooth, Wi-Fi, USB, or mobile-to-mobile connections. Firmware breaches and even physical access are also infection possibilities.
-- Spell out approved app sources. Apps can come from many places. Although your enterprise might have its own app store, many smart phone and tablet users will want to download apps from popular app stores such as the iOS App Store, Android Market, Windows Phone Marketplace, and Blackberry App World. Employees should always use official app stores or at least do some research about the app before downloading it to reduce the risk of malware.
-- Ask employees to stay on alert. Users should regard with suspicion any email notification that tells them to install an application update.
-- Consider restricting app connections. Your policy could restrict apps that hook up to social networks or cloud storage.
Read our full interview with MobileIron on how its toolkit speeds up mobile device management.
Boonsri Dickinson is the Associate Editor of BYTE