In a post-pandemic hybrid-remote work setup, Bring Your Own Device (BYOD) has fast become a norm for many companies. During the first half of 2022, Kaspersky has detected five (05) types of vicious mobile malwares that potentially pose serious security threats to companies who practice BYOD.
The main idea behind proper BYOD security is that personal devices have to be treated in the same way as company-owned devices. Not securing the devices of company staff whose own personal devices like laptops, tablets, and smartphones are used for work tasks and to access critical business information could be too risky for any organization.
BYOD poses dangers by mixing corporate data and personal data on one device. Whenever personal data and corporate data are stored in the same mobile device, there’s the possibility of security risks. Separating corporate data and the user’s personal data can help businesses to apply special security measures for their confidential or business-critical information.
High-profile employees can become victims of cyber espionage just like in 2020 when Kaspersky found a new Android implant used by Transparent Tribe for spying on mobile devices. It was distributed in India disguised as a porn-related app and a fake national COVID-19 tracking app. The program was able to download new applications to the phone, access SMS messages, the microphone, call logs, track the device’s location and enumerate and upload files to an external server from the phone.
Transparent Tribe is not the only example with other similar campaigns detected by Kaspersky researchers over the years, such as GravityRAT, Origami Elephant, and SideCopy.
BYOD also brings IT teams more platforms to manage. With the average employee now using two or three different mobile devices to access the corporate network, BYOD brings IT and security departments the challenge of having to implement and manage mobile security across an almost limitless range of devices and operating systems, including Android, iOS, Windows Phone, Windows Mobile, BlackBerry, and Symbian.
An IT department has to keep in mind that in the modern environment employees will work with corporate data anywhere they want, on a variety of devices. What has to be done is proper control of software and apps, web and email as well as protection from malware and loss/theft using modern methods.