TechAdvisory.org

Technology Advice for Small Businesses

Protecting your Android mobile devices

When personal and professional information live on one mobile device, a small breach can have huge impacts. As the adoption of bring your own device (BYOD) policies increase, employee awareness of cyberthreats becomes critical. Here are five tips for avoiding common Android-based security risks.

Unsafe devices

Sometimes, the device itself might not be safe due to faulty production or configuration. In fact, Avast recently found hundreds of Android devices that were infected out of the box.This means that the infection was not caused by users, but the malware was installed via apps somewhere along the sales and delivery process.

Malicious apps

Although Google employs strict security measures when it comes to allowing apps into the Play Store, some developers find a way to hide malicious code in their programs and still have them approved.

Simple Call Recorder, for example, tricked users into downloading an additional app, which purported to be an Adobe Flash Player update. Believe it or not, Simple Call Recorder lasted for a year on the Google Play Store and had been downloaded over 5,000 times before it was taken down.

Information leakage from useful apps

Many applications are installed for legitimate uses. But don’t let that fool you, as these apps can be used to extract confidential information such as contact information from your mobile device.

Timehop, a popular app that retrieves old photos and posts from social media accounts, recently suffered a data breach that affected 21 million accounts. Compromised information included names, email addresses, and phone numbers. The attack was due to cybercriminals tapping into the company’s cloud computing account using an administrator’s sign-in credentials.

Banking malware

Most forms of banking malware involve creating a fake login window that mimics one from a reputable institution. It could be a fake website or app that users type their username and password into, only for that information to be sent to a hacker.

According to Security Intelligence, Google recently removed 29 apps from the Google Play Store after nearly 30,000 users accidentally downloaded banking malware. The victims were tricked by personalized phishing forms based on the apps they use.

While the programs were attributed to different developers, researchers discovered common code within them, implying that they were all created by the same threat group. The malware enabled attackers to send and receive text messages, impersonate software from victims’ financial institutions, and download additional apps.

Ransomware

Ransomware is a type of malware that makes data on a device inaccessible and demands a payment to unlock it. In 2017, WannaCry spread like wildfire and wreaked havoc on the global healthcare industry. Ransomware continues to be a cyberciminal’s weapon of choice and according to Malwarebytes, 35% of small- to medium-sized businesses have experienced a ransomware attack in the past year.

If you think ransomware is bad, ransomworms are even worse. Basically, they are ransomware programs that spread themselves across a local network, eliminating the need for human error.
All this sounds horrific, but the worst is yet to come if you don’t act fast. Having said that, here are some security best practices that will help keep your Android devices secure:

  • Set up a lockscreen passcode
  • Monitor mobile device access and use
  • Patch mobile apps and operating systems quickly
  • Forbid unapproved third-party application stores
  • Control physical access to devices
  • Conduct regulatory compliance assessments
  • Implement an incident response plan for lost or stolen mobile devices

While it’s easy to turn a blind eye toward cyberthreats, the question is are you willing to take that chance? If you’re looking for an advanced security solution to keep your Android device safe, give us a call and we’ll be happy to help.