"Cough! Cough!" Yes, That Was Your Smartphone Wheezing At You
Believe it or not, the first mobile viruses began appearing back in mid-June 2004. The Cabir worm and Mosquito Trojan both targeted smartphones that run the Symbian Series 60 operating system, which is the most widely used smartphone platform across the world. Others targeting Windows Mobile appeared later. Should the enterprise be concerned? Hell, yeah!
Believe it or not, the first mobile viruses began appearing back in mid-June 2004. The Cabir worm and Mosquito Trojan both targeted smartphones that run the Symbian Series 60 operating system, which is the most widely used smartphone platform across the world. Others targeting Windows Mobile appeared later. Should the enterprise be concerned? Hell, yeah!With wireless devices becoming more sophisticated all the time (I found an app that let's my BlackBerry manage my multiple personality disorder), malicious jerks have decided to have even more fun at our expense (apparently destroying our hard drives, sending billions of spam messages from our IP addresses or accessing our bank accounts just isn't enough for them).
While your average run-of-the-mill Java or BREW phone (read: crappy feature phone) is probably safe for the time being, phones that run Symbian, Windows Mobile, Palm OS and RIM OS are much more at risk and it's surprising to see how quickly and in how many ways naughty code writers have found to use abuse them. With more and more sensitive corporate data stored on these devices, mobile viruses are a rising threat that can't be ignored by the enterprise.
Unfortunately for IT departments, this means being the bad guy for a while, as there are some simple ways to protect enterprise data from this threat.
1. Don't let employees back-door the devices in. If they buy a smartphone over the weekend and want you to activate enterprise email, access, whatever, come Monday morning, tell them tough luck. I don't care if it's the CEO. Don't forget that employees are sneaky, and don't like hearing no for an answer. You may have to buy software that sniffs out unauthorized devices (the CEO's Treo, that S.O.B.!) that are accessing the network and pro-actively find them and terminate their access. (Don't worry, the CEO should thank you for protecting his network.)
2. Create strict policies for mobile equipment. Decide what can be accessed and what can't. Force employees to use security features, passwords, on-device encryption and so on. Make them pick hard passwords. Forbid employees from downloading anything not directly related to work, like games or wallpapers of Miss January.
3. Install antivirus software on the devices. Believe it or not, there is already an industry swelling here. Talk to your wireless carrier about the best options.
4. Control the phones' Bluetooth. Even though it's fun to say "Bluejacking" and "Bluesnarfing", Bluetooth has become an easy entry point for mobile viruses. Cabir took advantage of Bluetooth to sneak inside handsets and place calls to expensive 1-900 numbers, running up the bills.
5. Educate employees. Most people haven't heard of mobile viruses, and may not really believe in them. With threats to security increasing all the time, you should hold regular meetings or provide regular updates to inform employees about the risks they and their devices face every day.
If employees come to hate the IT managers for being strict policy enforcers, too bad. They aren't at work to be liked, they are there to keep the network and its data protected.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.