Detect & protect; Securing employee phones

Read our insights from the Pegasus Spyware Revelation

A couple of years ago, 50,000 individuals, including journalists and government officials, were the targets of a sophisticated cyber security attack by an organization known as the NSO Group (The Verge). The Group’s ‘Pegasus’ spyware infected its victims’ smartphones, sending private GPS data back to attackers and giving them control of the phone’s microphone, and the ability to record video from the phone’s camera.

So, why should this matter to small business owners?

The Pegasus Spyware revelation has shown that anyone can be at risk of a breach, no matter how big or small their business is. And with mobile spyware becoming more advanced, business owners need to pay attention to the risks to be prepared for any eventuality.

Mobile spyware can operate in the background regardless of whether a link has been clicked or an item downloaded. In the case of Pegasus, it can be installed on a smartphone through a missed call on WhatsApp or a text message that produces no notification. It can even be installed on devices through dating apps, social media and games, all places users would not typically expect to be at risk.

It’s undeniable that smartphones have become an integral part of the workplace around the globe, providing employees with access to emails, texts and banking accounts. Therefore, making sure they’re secure must be a top priority for small business owners.

Lookout and Sophos are companies providing a multi-layered approaches that help prevent attacks. By blocking the device from accessing corporate resources when malware is detected, Lookout is making sure that small business owners are prepared and can protect their data from all angles.

Here are its top tips for protecting your workforce’s mobile phones:

1) Message Protection

One of the most common routes an employee’s mobile phone may become infected is through phishing. This is when the attacker uses a fake message, such as email or SMS, and tricks the user into clicking a link or giving away sensitive data by performing actions, such as logging into company servers. This effectively lets the hacker in, giving them access to any data held on the victim’s phone.

While people are becoming increasingly aware of phishing through email and SMS, they are generally less cautious when it comes to other means, such as social media, gaming and dating apps, which can deliver the spyware via their messaging functions.

Having a comprehensive phishing and content protection (PCP) strategy in place is one of the first, and most important, steps a business owner can make in preventing these attacks.

With PCP, the application will scan websites, links and filter content, detecting and blocking those that are built for phishing and malicious purposes.

2) Weakness Detection

Spyware can take advantage of any weaknesses present on a user’s phone that allow it to sneak in and infect it. These can appear through things such as not using mobile software settings correctly, poor data storage (i.e. lack of secure encryption), and traffic where information sent from an app to another location is not fully protected. Once in, the malware can gain access to the OS and extract data from it.

Vulnerability management software identifies these weaknesses and notifies the user and admin to take action. The application will require that a minimum software update is running on the device, and that apps are updated, preventing the user from accessing company resources otherwise.

3) Mobile Compromise

If an attacker is able to infect the user’s phone through a weak point, it can jailbreak the device in the background. This means removing all restrictions put in place by software on devices, and effectively lets the spyware loose to access any data available.

Luckily, the spyware isn’t as seamless as it thinks. Depending on how it operates, it may leave traces of activity on the device or across any apps, which can be detected by Lookout’s Mobile Endpoint Security software. This is where is jumps into action, blocks access to the Internet to prevent any further leakages and alerts the user.

Protecting employee smartphones can seem like a big task, but it’s one worth investing in. And as spyware continues to advance, you need to make sure you’re staying one step ahead.

Want more help and support? Speak to our expert V-Hub Business Advisers, who offer tailored guidance on a range of topics.