The rise of fake apps: Protect your company from data leaks
Findings from a report released by McAfee shows that 2019 has seen an increased number of fake apps available to download for Android smartphone and tablets users.
McAfee study - the rise of the fake app
According to the study, the months between June and December 2018 saw a 650 % increase in fake-apps being available. One such example was the free-of-charge version of the hugely successful game, Fortnite that tried to gain access to the consumer phones to steal their identity.
In that time, there was also a 200% increase in so-called "Financial Trojans" on smartphones. These fake apps contain Trojans that steal a victim's financial credentials allowing the hacker access to the user's account. Once inside the bank account, the hacker tries to transfer as much money as possible to their own.
Hacking through fake apps
Even though stealing an individual's finances may sound awful, what is worse is the access a hacker can gain to company networks.
Hackers need open backdoors to get inside a system or network, and finding security holes by hacking an employee smartphone is one of the best ways to gain access into a company.
Once a hacker is in a company's system, the company has no protection. A hacker will then have free access to sensitive data to sell or can place a malicious software tool like ransomware that will encrypt any data.
Regardless of the specific criminal intention of the hacker, once a system is open, the hacker can do all sorts of activity. It is therefore essential that your employees' take the steps needed to ensure they protect their smartphones.
Here are some tips on how to prevent employees' smartphones from getting hacked:
Employees should be made aware that their mobile device is a perfect entry inside the company network. Data security training for the use of both private as well as company mobile devices should be made mandatory for the employees. The company should set rules for individual mobile devices in the company.
There should be a strict division between private use and business use. Employees should only use business apps for business purposes. It is an excellent idea to centrally manage all apps that are available on a company smartphone or tablet. You can do this through a Mobile Application Management (MAM).
The employer should manage all employees' smartphones through a centralised administration - (also known as Mobile Device Management). With such a tool, the administrator can implement all the necessary patches and security features via one single role out.
Smartphones or tablets that are used by guests should only be allowed to use the network inside a particular secured guest area that gives access to a limited internet. The IT Department should monitor the guest area in real-time so that no malware can spread across the company.
All mobile devices that are used by the company should be registered in an inventory. There should also be a (short) documentation about every product and its current status –manufacturer, product type, OS, updates, patch levels installed, and telephone number. A signature must always support the handover of any device to an employee.
When an employee wishes to use their mobile device for both private and business purposes, a company should take special measures to ensure its protection. There are several possibilities available to divide the usage; one is to provide a container app such as AirWatch Container from VMware, Sophos Mobile Control 6.0 or Container Station from QNAP NAS. A container app prevents sensitive data from being copied or transferred to private and insecure apps like WhatsApp. If a container app is not available, put a system in place where an employee must seek authentication from their employer before downloading any apps or programmes.
Ensure all employees use an encrypted VPN to download and transfer data.
Hackers are always looking to improve how they can access an organisations system. Hackers will target any organisation, no matter what the industry. Ensure you take the steps needed to protect your company.
Data recovery can help in the aftermath of a cyberattack. If you need professional help, get in contact with Ontrack today.
For more information on ransomware, download our recent white paper.
Picture copyright: Ontrack Data Recovery